Description of problem:
In the version of check_ntp/check_ntp_peer plugins that exist in the current nagios-plugins RPM, nagios-plugins-1.4.13-11.el5, a buffer overflow exists in the check_ntp/check_ntp_peer plugins. This buffer overflow was reported at http://sourceforge.net/tracker/?func=detail&atid=397597&aid=1999319&group_id=29880 and fixed in November of 2008. The current version of nagios-plugins, 1.4.14, contains this fix.

Version-Release number of selected component (if applicable):
nagios-plugins-1.4.13-11.el5

How reproducible:
Every time

Steps to Reproduce:
1. Run the check against any NTP server: check_ntp_peer -H yourntpserver

Actual results:
# /usr/lib64/nagios/plugins/check_ntp_peer -H localhost
*** buffer overflow detected ***: /usr/lib64/nagios/plugins/check_ntp_peer terminated
======= Backtrace: =========
/lib64/libc.so.6(__chk_fail+0x2f)[0x34ffee77af]
/lib64/libc.so.6(__read_chk+0x28)[0x34ffee7c78]
/usr/lib64/nagios/plugins/check_ntp_peer[0x40247f]
/usr/lib64/nagios/plugins/check_ntp_peer[0x402e2e]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x34ffe1d994]
/usr/lib64/nagios/plugins/check_ntp_peer[0x4015b9]
Aborted

Expected results:
That it works.

Additional info:
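The backtrace in the report above ends in glibc's `__read_chk` and `__chk_fail`, which is the `_FORTIFY_SOURCE` check on `read()`: the call asked for more bytes than the destination object can hold. The C example below is added here and is not part of the original report or the plugin's code; `struct reply`, `fortify_would_abort`, `read_reply` and `demo` are hypothetical names, the input bytes are constructed, and it assumes Linux with AF_UNIX datagram socketpairs.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical fixed-size reply buffer (480 bytes); not the plugin's real struct. */
struct reply {
    unsigned char header[12];
    unsigned char data[468];
};

/* Model of the test __read_chk makes before calling read(): a request
 * larger than the destination object ends in __chk_fail() and abort(). */
int fortify_would_abort(size_t nbytes, size_t objsize) {
    return nbytes > objsize;
}

/* Bounded read: clamp the requested length to the destination's size. */
ssize_t read_reply(int fd, struct reply *r, size_t wanted) {
    if (wanted > sizeof(*r))
        wanted = sizeof(*r);
    memset(r, 0, sizeof(*r));
    return read(fd, r, wanted);
}

/* Send `sent` constructed bytes over a local datagram socketpair and read
 * them back asking for `wanted` bytes. Returns bytes stored, or -1. */
ssize_t demo(size_t sent, size_t wanted) {
    unsigned char msg[1024];
    struct reply r;
    ssize_t n = -1;
    int sv[2];
    if (sent > sizeof(msg) || socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0)
        return -1;
    memset(msg, 'A', sent);
    if (write(sv[0], msg, sent) == (ssize_t)sent)
        n = read_reply(sv[1], &r, wanted);
    close(sv[0]);
    close(sv[1]);
    return n;
}

int main(void) {
    printf("unclamped 1024-byte request aborts: %d\n",
           fortify_would_abort(1024, sizeof(struct reply)));
    printf("bytes stored from a 1000-byte datagram: %zd\n", demo(1000, 1024));
    return 0;
}
```

With the length clamped to `sizeof(struct reply)`, an oversized datagram is truncated to the buffer size instead of tripping the fortify check.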
AFAICT this fix was back ported to the -el5 release as per the changelogs here

* Sun Sep 28 2008 Mike McGrath <mmcgrath> 1.4.13-4
- Upstream released new version #464419
- Added patch fix for check_linux_raid #253898
- Upstream releases fix for #451015 - check_ntp_peers
- Upstream released fix for #459309 - check_ntp
- Added Provides Nagios::Plugins for #457404
- Fixed configure line for #458985 check_procs

As per this bug report https://bugzilla.redhat.com/show_bug.cgi?id=451015
*** Bug 571372 has been marked as a duplicate of this bug. ***
First, sorry about the duplicate bug report. This seems to be fixed in 1.4.13-15.el5 but it was neither released nor built, and anyway the cvs is in an inconsistent state:

[xavierb@bilbon EL-5]$ make srpm
rpmbuild --define "_sourcedir /home/xavierb/fedora/nagios-plugins/EL-5" --define "_specdir /home/xavierb/fedora/nagios-plugins/EL-5" --define "_builddir /home/xavierb/fedora/nagios-plugins/EL-5" --define "_srcrpmdir /home/xavierb/fedora/nagios-plugins/EL-5" --define "_rpmdir /home/xavierb/fedora/nagios-plugins/EL-5" --define "dist .el5" --define "rhel 5" --define "el5 1" --define "_source_filedigest_algorithm 1" --define "_binary_filedigest_algorithm 1" --nodeps -bs nagios-plugins.spec
error: Bad source: /home/xavierb/fedora/nagios-plugins/EL-5/nagios-plugins-1.4.13-ntp.patch: No such file or directory

The patch for this bug is missing from the EL-5 branch.
*** Bug 571870 has been marked as a duplicate of this bug. ***
Peter, I have to agree with Xavier. According to the actual nagios-plugin ChangeLogs (not the RPM ones, but from the tarball), this is the entry where the buffer overflow was fixed:

2008-11-19 Thomas Guyot-Sionnest <dermoth.net>
* NEWS, plugins/check_ntp.c, plugins/check_ntp_peer.c: Fixed buffer overflow in check_ntp/check_ntp_peer (#1999319, Ubuntu #291265)
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@2086 f882894a-f735-0410-b71e-b25c423dba1c

The most recent ChangeLog entry from the nagios-plugins-1.4.13 SRPM is:

2008-09-25 08:04 tonvoon
* [r2056] plugins/tests/check_http.t: Fix small test failure

Almost two months earlier. Also, there doesn't seem to be any patch added to the build that addresses anything with the check_ntp_* plugins.

What is the chance that we could either get a rebuild with the relevant check_ntp_* buffer overflow patch applied or (preferred) a rebuild against the 1.4.14 source?
> What is the chance that we could either get a rebuild with the relevant
> check_ntp_* buffer overflow patch applied or (preferred) a rebuild against the
> 1.4.14 source?

Every chance, I've only just taken over co-maintainership of the plugins so am basing my information on logs. Looking at the change log here (details quoted above) http://koji.fedoraproject.org/koji/buildinfo?buildID=109396 and the original mention above here http://sourceforge.net/tracker/?func=detail&atid=397597&aid=1999319&group_id=29880 which, from the horrible change log and no reference to source repo logs, AFAICT had the fix in September (as mentioned in your post quoting change log Sept 25th), it looked to me like we pulled in the fix 3 days later. I will endeavour to investigate further tomorrow and compare the patch with the one in the above-mentioned or cvs.
I'll update nagios-plugins to 1.4.14 very soon.
nagios-plugins-1.4.14-1.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/nagios-plugins-1.4.14-1.el5
Folks, I just updated nagios-plugins for EL-5 up to ver. 1.4.14 - please test and provide feedback. Fortunately, Fedora branches already contain the fix for this particular issue, so I'll update nagios-plugins here a little later (there are FTBFS issues in F-12 and F-13, which should be fixed first).
nagios-plugins-1.4.14-1.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update nagios-plugins'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/nagios-plugins-1.4.14-1.el5
Installed the new RPMs and check_ntp_peer is now working fine:

[root@centos-5-amd64 tom]# /usr/lib64/nagios/plugins/check_ntp_peer -H time.straycat.dhs.org
NTP OK: Offset -0.000124 secs|offset=-0.000124s;60.000000;120.000000;

I looked at the changelog for 1.4.14 and I'll just note this line from it:

* Extra-opts (C plugins) does not allow trailing comments anymore (like N::P)

There were a bunch of fixes for --extra-opts in this release. Among the changes, it looks like C plugins can no longer have trailing comments in .ini files, which matches the behavior of the Perl-based plugins. I know EPEL's requirements wrt config file changes are stricter than Fedora's so I'm pointing this out. On the plus side, after an update an affected user will get a notification when their checks fail.
The new RPMs also fix check_ntp_peer for us and otherwise seem to be working fine. +1 for promotion from testing to stable (unless there are other pending concerns).
nagios-plugins-1.4.14-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.