Segfaults when NRPE is called with --no-ssl

sean finney seanius at seanius.net
Sat Apr 8 15:08:36 CEST 2006 

hey ethan,

looks like there are some unconditional free()'s in nrpe that
act on uninitialized pointers if --no-ssl is used.  a patch is 
was provided by the bug reporter, and is attached.

the original bugreport can be found at:

	http://bugs.debian.org/361233


	sean
-------------- next part --------------
#! /bin/sh /usr/share/dpatch/dpatch-run
## 03_nrpe.c_invalid_free.dpatch by  <seanius at debian.org>
##
## DP: patch from Peter Palfrader <weasel at debian.org> to not call free()
## DP: on unitialized pointers when --no-ssl is used.

@DPATCH@
diff -urNad --exclude=CVS --exclude=.svn ./src/nrpe.c /home/sean/tmp/dpep-work.xTqz8T/nagios-nrpe-2.5/src/nrpe.c
--- ./src/nrpe.c	2006-04-08 15:01:37.000000000 +0200
+++ /home/sean/tmp/dpep-work.xTqz8T/nagios-nrpe-2.5/src/nrpe.c	2006-04-08 15:01:42.000000000 +0200
@@ -1017,9 +1017,11 @@
 		syslog(LOG_ERR,"Could not read request from client, bailing out...");
 
 #ifdef HAVE_SSL
-		SSL_shutdown(ssl);
-		SSL_free(ssl);
-		syslog(LOG_INFO,"INFO: SSL Socket Shutdown.\n");
+		if (ssl) {
+			SSL_shutdown(ssl);
+			SSL_free(ssl);
+			syslog(LOG_INFO,"INFO: SSL Socket Shutdown.\n");
+			}
 #endif
 
 		return;
@@ -1032,8 +1034,10 @@
 		syslog(LOG_ERR,"Data packet from client was too short, bailing out...");
 
 #ifdef HAVE_SSL
-		SSL_shutdown(ssl);
-		SSL_free(ssl);
+		if (ssl) {
+			SSL_shutdown(ssl);
+			SSL_free(ssl);
+			}
 #endif
 
 		return;
@@ -1062,8 +1066,10 @@
 	                }
 
 #ifdef HAVE_SSL
-		SSL_shutdown(ssl);
-		SSL_free(ssl);
+		if (ssl) {
+			SSL_shutdown(ssl);
+			SSL_free(ssl);
+			}
 #endif
 
 		return;
@@ -1186,8 +1192,10 @@
 #endif
 
 #ifdef HAVE_SSL
-	SSL_shutdown(ssl);
-	SSL_free(ssl);
+	if (ssl) {
+		SSL_shutdown(ssl);
+		SSL_free(ssl);
+		}
 #endif
 
 	/* log info to syslog facility */
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20060408/5ea3fd41/attachment.sig>

More information about the Developers mailing list