Bug 1298766 - check_dhcp segfaults while parsing arguments
check_dhcp segfaults while parsing arguments
Status: CLOSED ERRATA
Product: Fedora EPEL
Classification: Fedora
Component: nagios-plugins (Show other bugs)
epel7
x86_64 Linux
unspecified Severity low
: ---
: ---
Assigned To: Stephen John Smoogen
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-14 19:39 EST by Greg Bowser
Modified: 2017-06-29 23:17 EDT (History)
6 users (show)

See Also:
Fixed In Version: nagios-plugins-2.2.1-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-06-29 23:17:37 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch that resolves issue (456 bytes, patch)
2016-01-14 19:39 EST, Greg Bowser
no flags Details | Diff

  None (edit)
Description Greg Bowser 2016-01-14 19:39:09 EST
Created attachment 1114991 [details]
patch that resolves issue

Description of problem:

While parsing command-line arguments, check_dhcp segfaults due to an out-of-bounds array access. I can reproduce this consistently when running a check from Shinken with the following command line (running the same command directly from the shell does not segfault, but this seems to be dumb luck regarding how the memory is allocated):

/usr/lib64/nagios/plugins/check_dhcp -s 10.14.204.209 -m 00:de:ad:be:ef:00 -r 10.14.204.251 -u -i ens32

Here's the backtrace from a coredump:

#0  0x00007f4e6ed99d42 in _getopt_internal_r (argc=argc@entry=1, argv=argv@entry=0x7ffffff4fec0, optstring=0x7f4e6fb22c75 "hVvt:s:r:t:i:m:u", 
    optstring@entry=0x7f4e6fb22c74 "+hVvt:s:r:t:i:m:u", longopts=longopts@entry=0x7f4e6fd26040 <long_options.21493>, longind=longind@entry=0x7ffffff4fd04, 
    long_only=long_only@entry=0, d=d@entry=0x7f4e6f07d400 <getopt_data>, posixly_correct=posixly_correct@entry=0) at getopt.c:463
#1  0x00007f4e6ed9aeab in _getopt_internal (argc=argc@entry=1, argv=argv@entry=0x7ffffff4fec0, 
    optstring=optstring@entry=0x7f4e6fb22c74 "+hVvt:s:r:t:i:m:u", longopts=longopts@entry=0x7f4e6fd26040 <long_options.21493>, 
    longind=longind@entry=0x7ffffff4fd04, long_only=long_only@entry=0, posixly_correct=posixly_correct@entry=0) at getopt.c:1176
#2  0x00007f4e6ed9af33 in getopt_long (argc=argc@entry=1, argv=argv@entry=0x7ffffff4fec0, options=options@entry=0x7f4e6fb22c74 "+hVvt:s:r:t:i:m:u", 
    long_options=long_options@entry=0x7f4e6fd26040 <long_options.21493>, opt_index=opt_index@entry=0x7ffffff4fd04) at getopt1.c:65
#3  0x00007f4e6fb1c2fb in call_getopt (argc=argc@entry=1, argv=argv@entry=0x7ffffff4fec0) at check_dhcp.c:1104
#4  0x00007f4e6fb1c510 in process_arguments (argc=10, argv=0x7ffffff4fe78) at check_dhcp.c:1071
#5  0x00007f4e6fb1a3cd in main (argc=10, argv=<optimized out>) at check_dhcp.c:269

The line where the segfault occurs is (glibc/getopt.c:463):

if (d->optind != argc && !strcmp (argv[d->optind], "--"))

When this line segfaults, d->optind = 10, but argc = 1 -- clearly d->optind is out-of-bounds. The cause seems to be check_dhcp.c:process_arguments, which causes getopt_long to be called multiple times with different values of argc and argv:

while((c+=(call_getopt(argc-c,&argv[c])))<argc){

If I replace this loop with a single call to call_getopt (as in the attached patch), it works flawlessly.

Version-Release number of selected component (if applicable):
Name        : nagios-plugins-dhcp
Arch        : x86_64
Version     : 2.0.3
Release     : 3.el7
Size        : 61 k
Repo        : installed
From repo   : epel
Comment 1 Fedora Update System 2017-02-15 09:41:58 EST
nagios-plugins-2.1.4-5.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0430ba2927
Comment 2 Fedora Update System 2017-02-16 12:18:39 EST
nagios-plugins-2.1.4-5.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0430ba2927
Comment 3 Fedora Update System 2017-02-16 15:59:12 EST
nagios-plugins-2.1.4-6.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4bf2c82fc6
Comment 4 Fedora Update System 2017-02-16 18:30:45 EST
nagios-plugins-2.1.4-7.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d35ac726be
Comment 5 Fedora Update System 2017-02-17 16:19:00 EST
nagios-plugins-2.1.4-7.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d35ac726be
Comment 6 Fedora Update System 2017-02-25 16:47:07 EST
nagios-plugins-2.2.0-3.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-cbb077cc9b
Comment 7 Fedora Update System 2017-02-25 17:36:07 EST
nagios-plugins-2.2.0-4.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-579895db6a
Comment 8 Fedora Update System 2017-02-26 17:49:33 EST
nagios-plugins-2.2.0-4.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-579895db6a
Comment 9 Fedora Update System 2017-03-10 20:03:14 EST
nagios-plugins-2.2.0-6.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-212f3ef76e
Comment 10 Fedora Update System 2017-03-11 07:50:27 EST
nagios-plugins-2.2.0-6.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-212f3ef76e
Comment 11 Fedora Update System 2017-03-12 20:38:23 EDT
nagios-plugins-2.2.0-7.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-756fbbf351
Comment 12 Fedora Update System 2017-03-13 20:19:15 EDT
nagios-plugins-2.2.0-7.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-756fbbf351
Comment 13 Fedora Update System 2017-04-20 20:09:00 EDT
nagios-plugins-2.2.1-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e452ab1676
Comment 14 Fedora Update System 2017-04-22 17:48:25 EDT
nagios-plugins-2.2.1-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e452ab1676
Comment 15 Fedora Update System 2017-06-29 23:17:37 EDT
nagios-plugins-2.2.1-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.