
Fix possible segfault in check_ntp_peer with deliberately invalid packets
authorThomas Guyot-Sionnest <dermoth@users.sourceforge.net>
Tue, 2 Sep 2008 03:42:16 +0000 (03:42 +0000)
committerThomas Guyot-Sionnest <dermoth@users.sourceforge.net>
Tue, 2 Sep 2008 03:42:16 +0000 (03:42 +0000)
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@2052 f882894a-f735-0410-b71e-b25c423dba1c

NEWS
plugins/check_ntp_peer.c

diff --git a/NEWS b/NEWS
index cb68df66688a3714bd9966ac297033eba42791aa..ab597d4d484dbcf0c214d3ac53cf842d988b4b66 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -11,7 +11,8 @@ This file documents the major additions and syntax changes between releases.
        check_icmp now supports packet size modification
        check_http -e now accepts a comma-delimited list of expected status codes
        libtap now included with this distribution for easier testing. Run ./configure with --enable-libtap
-       check_ntp_peer/check_ntp_time used to show port in --help but ignored the argument - now implemented.
+       check_ntp_peer/check_ntp_time used to show port in --help but ignored the argument - now implemented
+       Fix possible segfault in check_ntp_peer with deliberately invalid packets
 
 1.4.12 27th May 2008
        Added ./check_nt -v INSTANCES to count number of instances (Alessandro Ren)
index 72cec63923995dcfe89ad3381205550c44384914..6a4401cab45b9ffc62060cca609aeea8d12fdc15 100644 (file)
@@ -299,6 +299,9 @@ int ntp_request(const char *host, double *offset, int *offset_result, double *ji
                if(read(conn, &req, SIZEOF_NTPCM(req)) == -1)
                        die(STATE_CRITICAL, "NTP CRITICAL: No response from NTP server\n");
                DBG(print_ntp_control_message(&req));
+               /* discard obviously invalid packets */
+               if (ntohs(req.count) > MAX_CM_SIZE)
+                       die(STATE_CRITICAL, "NTP CRITICAL: Invalid paclet received from NTP server\n");
                if (LI(req.flags) == LI_ALARM) li_alarm = 1;
                /* Each peer identifier is 4 bytes in the data section, which
                 * we represent as a ntp_assoc_status_pair datatype.
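Review bot: The new length check sits after `DBG(print_ntp_control_message(&req));`, so with debug output enabled the printer receives `req` before `count` is validated. That function is not shown here, but if it walks the data section by `count`, the same out-of-bounds read stays reachable in verbose mode, so the check should move to directly after the `read()`. The `read()` result is only compared with `-1`, so a datagram shorter than the header leaves `req.count` holding whatever was there before the call; comparing the return value with the fixed header size before trusting `count` would close that gap. The message text also has a typo and should read `"NTP CRITICAL: Invalid packet received from NTP server\n"`. The body of `ntp_request` starts before and continues past this hunk.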