[Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline

SourceForge.net noreply at sourceforge.net
Wed Mar 11 22:24:04 CET 2009


Bugs item #1985230, was opened at 2008-06-05 03:46
Message generated for change (Comment added) made by mechanyx
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Argument proccessing
Group: CVS
Status: Open
Resolution: None
Priority: 7
Private: No
Submitted By: Jan Wagner (cyco_dd)
Assigned to: Nobody/Anonymous (nobody)
Summary: check_snmp does not allow " chars in cmdline

Initial Comment:
The following Bugreport we got against our debian package:

snmpd can be queried for customized "extend"s.
A configured extend like
    extend avail_mem /usr/local/bin/check_avail_mem.pl
can be queried as
    snmpget -c public -v1 ds9 'nsExtendOutput1Line."avail_mem"'
    NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."avail_mem" = STRING: 749764

If you try to query this with check_snmp like
    check_snmp -H $HOSTADDRESS$ -C public -o 'nsExtendOutput1Line."syslog-idletime"'
this results into
    Could not open pipe: /usr/bin/snmpget -t 1 -r 5 -m ALL -v 1 -c public ds9:161 nsExtendOutput1Line."syslog-idletime"

Unfortuantely, check_snmp contains code in popen.c that does not allow any " chars in
the command line and bails out with above error.

I fixed this by commenting out the follwing block:

--- popen.c.old 2008-01-12 14:16:39.000000000 +0100
+++ popen.c     2008-01-12 14:16:54.000000000 +0100
@@ -133,8 +133,10 @@
        strcpy (cmd, cmdstring);

        /* This is not a shell, so we don't handle "???" */
+/*
        if (strstr (cmdstring, "\""))
                return NULL;
+*/

        /* allow single quotes, but only if non-whitesapce doesn't occur on both sides */
        if (strstr (cmdstring, " ' ") || strstr (cmdstring, "'''"))

You can track the bugreport via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460405

Thanks and kind regards, Jan.

----------------------------------------------------------------------

Comment By: Richard Edward Horner (mechanyx)
Date: 2009-03-11 16:24

Message:
I'm not sure if this is related or not, but I had a similar problem with
check_snmp where the community string on a network device contained a
dollar sign ($). I was unable to get the check to run with that community
string. I apologize as I do not remember exactly what Nagios output when I
tried various methods of quoting or escaping it. I ended up changing the
community string on the device.

Thanks, Rich(ard)

----------------------------------------------------------------------

Comment By: John A. Barbuto (jbarbuto)
Date: 2009-03-11 15:34

Message:
I looked into writing a patch using the runcmd library, but I don't see
this function you're referring to.
np_runcmd_open() looks pretty similar to spopen(), with the same double
quotes restriction.

The old exec method of running external commands is deprecated, so I'd
really like to get extend working.

----------------------------------------------------------------------

Comment By: Ton Voon (tonvoon)
Date: 2009-02-19 19:11

Message:
I don't think this is a valid fix. Preferably check_snmp should be switched
to use the runcmd library instead, which has a function to pass a varg list
for the command to run, thereby avoiding shell quotation. 

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880




More information about the Devel mailing list