[monitoring-plugins] plugins/check_ntp.c - Verify struct from response

Sat, 28 Jun 2014 13:20:23 -0700 

    Module: monitoring-plugins
    Branch: master
    Commit: a04df3e1b67dc5eab3adc202cc89901f801cdeaa
    Author: Spenser Reinhardt <[email protected]>
 Committer: Jan Wagner <[email protected]>
      Date: Sun Jun 22 14:49:25 2014 -0500
       URL: 
https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=a04df3e

plugins/check_ntp.c - Verify struct from response

Coverity 66524 - req.data is not neccessarily null terminated but still feed to 
printf statements. This both does that, and verifies the struct more so than 
before. - SR

---

 plugins/check_ntp.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index 0a7640a..09a923e 100644
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
@@ -517,13 +517,14 @@ setup_control_request(ntp_control_message *p, uint8_t 
opcode, uint16_t seq){
 double jitter_request(const char *host, int *status){
        int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0;
        int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0;
-       int peers_size=0, peer_offset=0;
+       int peers_size=0, peer_offset=0, bytes_read=0;
        ntp_assoc_status_pair *peers=NULL;
        ntp_control_message req;
        const char *getvar = "jitter";
        double rval = 0.0, jitter = -1.0;
        char *startofvalue=NULL, *nptr=NULL;
        void *tmp;
+       int ntp_cm_ints = sizeof(uint16_t) * 5 + sizeof(uint8_t) * 2;
 
        /* Long-winded explanation:
         * Getting the jitter requires a number of steps:
@@ -608,7 +609,15 @@ double jitter_request(const char *host, int *status){
 
                                req.count = htons(MAX_CM_SIZE);
                                DBG(printf("recieving READVAR response...\n"));
-                               read(conn, &req, SIZEOF_NTPCM(req));
+
+                               /* cov-66524 - req.data not null terminated 
before usage. Also covers verifying struct was returned correctly*/
+                               if ((bytes_read = read(conn, &req, 
SIZEOF_NTPCM(req))) == -1)
+                                       die(STATE_UNKNOWN, _("Cannot read from 
socket: %s"), strerror(errno));
+                               if (bytes_read != ntp_cm_ints + req.count)
+                                       die(STATE_UNKNOWN, _("Invalid NTP 
response: %d bytes read does not equal %d plus %d data segment"), bytes_read, 
ntp_cm_ints, req.count); 
+                               /* else null terminate */
+                               strncpy(req.data[req.count], "\0", 1);
+
                                DBG(print_ntp_control_message(&req));
 
                                if(req.op&REM_ERROR && strstr(getvar, 
"jitter")) {

Reply via email to