Bug 1298766 - check_dhcp segfaults while parsing arguments
Status: CLOSED ERRATA
Product: Fedora EPEL
Classification: Fedora
Component: nagios-plugins
Version: epel7
Hardware: x86_64
OS: Linux
unspecified
low
Assignee: Stephen John Smoogen
QA Contact: Fedora Extras Quality Assurance
Reported: 2016-01-15 00:39 UTC by Greg Bowser
Modified: 2017-06-30 03:17 UTC (History)

Fixed In Version: nagios-plugins-2.2.1-1.el7
Doc Type: Bug Fix
Last Closed: 2017-06-30 03:17:37 UTC


Attachments
patch that resolves issue (456 bytes, patch)
2016-01-15 00:39 UTC, Greg Bowser

Description Greg Bowser 2016-01-15 00:39:09 UTC
Created attachment 1114991
patch that resolves issue

Description of problem:

While parsing command-line arguments, check_dhcp segfaults due to an out-of-bounds array access. I can reproduce this consistently when running a check from Shinken with the following command line (running the same command directly from the shell does not segfault, but this seems to be dumb luck regarding how the memory is allocated):

/usr/lib64/nagios/plugins/check_dhcp -s 10.14.204.209 -m 00:de:ad:be:ef:00 -r 10.14.204.251 -u -i ens32

Here's the backtrace from a coredump:

#0  0x00007f4e6ed99d42 in _getopt_internal_r (argc=argc@entry=1, argv=argv@entry=0x7ffffff4fec0, optstring=0x7f4e6fb22c75 "hVvt:s:r:t:i:m:u", 
    optstring@entry=0x7f4e6fb22c74 "+hVvt:s:r:t:i:m:u", longopts=longopts@entry=0x7f4e6fd26040 <long_options.21493>, longind=longind@entry=0x7ffffff4fd04, 
    long_only=long_only@entry=0, d=d@entry=0x7f4e6f07d400 <getopt_data>, posixly_correct=posixly_correct@entry=0) at getopt.c:463
#1  0x00007f4e6ed9aeab in _getopt_internal (argc=argc@entry=1, argv=argv@entry=0x7ffffff4fec0, 
    optstring=optstring@entry=0x7f4e6fb22c74 "+hVvt:s:r:t:i:m:u", longopts=longopts@entry=0x7f4e6fd26040 <long_options.21493>, 
    longind=longind@entry=0x7ffffff4fd04, long_only=long_only@entry=0, posixly_correct=posixly_correct@entry=0) at getopt.c:1176
#2  0x00007f4e6ed9af33 in getopt_long (argc=argc@entry=1, argv=argv@entry=0x7ffffff4fec0, options=options@entry=0x7f4e6fb22c74 "+hVvt:s:r:t:i:m:u", 
    long_options=long_options@entry=0x7f4e6fd26040 <long_options.21493>, opt_index=opt_index@entry=0x7ffffff4fd04) at getopt1.c:65
#3  0x00007f4e6fb1c2fb in call_getopt (argc=argc@entry=1, argv=argv@entry=0x7ffffff4fec0) at check_dhcp.c:1104
#4  0x00007f4e6fb1c510 in process_arguments (argc=10, argv=0x7ffffff4fe78) at check_dhcp.c:1071
#5  0x00007f4e6fb1a3cd in main (argc=10, argv=<optimized out>) at check_dhcp.c:269

The line where the segfault occurs is (glibc/getopt.c:463):

if (d->optind != argc && !strcmp (argv[d->optind], "--"))

When this line segfaults, d->optind = 10, but argc = 1 -- clearly d->optind is out-of-bounds. The cause seems to be check_dhcp.c:process_arguments, which causes getopt_long to be called multiple times with different values of argc and argv:

while((c+=(call_getopt(argc-c,&argv[c])))<argc){

If I replace this loop with a single call to call_getopt (as in the attached patch), it works flawlessly.

Version-Release number of selected component (if applicable):
Name        : nagios-plugins-dhcp
Arch        : x86_64
Version     : 2.0.3
Release     : 3.el7
Size        : 61 k
Repo        : installed
From repo   : epel
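
The hazard described in this report, reduced to a stand-alone C program (an added example, not check_dhcp code and not the attached patch): getopt's global optind survives between scans, so a second scan over a shorter argv slice starts past the end of that slice. parse_slice(), its reset flag and the sample argv are assumptions made for illustration; the optstring is the one shown in the backtrace.

```c
#include <getopt.h>
#include <stdio.h>

/* Constructed sample: the command line quoted in the report. */
static char *sample_argv[] = {
    "check_dhcp", "-s", "10.14.204.209", "-m", "00:de:ad:be:ef:00",
    "-r", "10.14.204.251", "-u", "-i", "ens32", NULL
};
enum { SAMPLE_ARGC = 10 };

/*
 * parse_slice() is a hypothetical helper, not check_dhcp code. It scans one
 * argv slice and returns the number of options seen, or -1 when the global
 * optind already lies beyond the slice, which is the state in which getopt
 * would index argv[optind] out of bounds.
 */
static int parse_slice(int argc, char **argv, int reset)
{
    static const struct option no_long_opts[] = { {0, 0, 0, 0} };
    int seen = 0;

    if (reset)
        optind = 0;   /* glibc: 0 forces full re-initialisation for a new argv */
    if (optind > argc)
        return -1;    /* stale index from an earlier scan: do not call getopt */
    while (getopt_long(argc, argv, "+hVvt:s:r:t:i:m:u", no_long_opts, NULL) != -1)
        seen++;
    return seen;
}

int main(void)
{
    /* First scan consumes the whole vector and leaves optind == 10. */
    int full = parse_slice(SAMPLE_ARGC, sample_argv, 1);
    printf("full scan: %d options, optind=%d\n", full, optind);

    /* Second scan over a 1-element slice, matching argc=1 in the backtrace. */
    printf("stale optind: %d\n", parse_slice(1, &sample_argv[9], 0));
    printf("after reset:  %d\n", parse_slice(1, &sample_argv[9], 1));
    return 0;
}
```

The optind > argc guard only catches a stale index that is out of range; resetting optind before every new vector is what makes a rescan correct.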

Comment 1 Fedora Update System 2017-02-15 14:41:58 UTC
nagios-plugins-2.1.4-5.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0430ba2927

Comment 2 Fedora Update System 2017-02-16 17:18:39 UTC
nagios-plugins-2.1.4-5.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0430ba2927

Comment 3 Fedora Update System 2017-02-16 20:59:12 UTC
nagios-plugins-2.1.4-6.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4bf2c82fc6

Comment 4 Fedora Update System 2017-02-16 23:30:45 UTC
nagios-plugins-2.1.4-7.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d35ac726be

Comment 5 Fedora Update System 2017-02-17 21:19:00 UTC
nagios-plugins-2.1.4-7.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d35ac726be

Comment 6 Fedora Update System 2017-02-25 21:47:07 UTC
nagios-plugins-2.2.0-3.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-cbb077cc9b

Comment 7 Fedora Update System 2017-02-25 22:36:07 UTC
nagios-plugins-2.2.0-4.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-579895db6a

Comment 8 Fedora Update System 2017-02-26 22:49:33 UTC
nagios-plugins-2.2.0-4.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-579895db6a

Comment 9 Fedora Update System 2017-03-11 01:03:14 UTC
nagios-plugins-2.2.0-6.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-212f3ef76e

Comment 10 Fedora Update System 2017-03-11 12:50:27 UTC
nagios-plugins-2.2.0-6.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-212f3ef76e

Comment 11 Fedora Update System 2017-03-13 00:38:23 UTC
nagios-plugins-2.2.0-7.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-756fbbf351

Comment 12 Fedora Update System 2017-03-14 00:19:15 UTC
nagios-plugins-2.2.0-7.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-756fbbf351

Comment 13 Fedora Update System 2017-04-21 00:09:00 UTC
nagios-plugins-2.2.1-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e452ab1676

Comment 14 Fedora Update System 2017-04-22 21:48:25 UTC
nagios-plugins-2.2.1-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e452ab1676

Comment 15 Fedora Update System 2017-06-30 03:17:37 UTC
nagios-plugins-2.2.1-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.