Package: monitoring-plugins
Version: 2.2-3
Severity: important
Tags: patch
Hi,
The check_smtp command has a bug when both SSL is enable and check
command (-C) are passed.
The code for check commands is:
while (n < ncommands) {
xasprintf (&cmd_str, "%s%s", commands[n], "\r\n");
my_send(cmd_str, strlen(cmd_str));
…
And this works when SSL is not used, because n in initialized at the
start of main, and not used until this block. However, when SSL is
enabled, n is assigned the size of the server's second EHLO response (I
think in bytes), which will usually be significantly higher than the
command passed. As such, no commands are executed and no responses are
checked, which - silently - defeats the desired checks and results in a
success value.
I've attached a trivial patch which simply initializes n before it is
used, and marked as important because of the silent data loss and
triviality of fixing this. Would appreciate if you can apply and forward
upstream.
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.75-teal0 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages monitoring-plugins depends on:
ii monitoring-plugins-basic 2.2-3
ii monitoring-plugins-standard 2.2-3
monitoring-plugins recommends no packages.
Versions of packages monitoring-plugins suggests:
ii icinga2 2.7.0-1
ii nagios-plugins-contrib 21.20170222
-- no debconf information
Description: Fix check_smtp handling of custom commands with SSL
Author: Iustin Pop <ius...@debian.org>
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -293,6 +293,7 @@
printf("%s", buffer);
}
+ n = 0;
while (n < ncommands) {
xasprintf (&cmd_str, "%s%s", commands[n], "\r\n");
my_send(cmd_str, strlen(cmd_str));
