[Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline

SourceForge.net noreply at sourceforge.net
Fri Mar 13 22:14:22 CET 2009

Previous message: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline
Next message: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Bugs item #1985230, was opened at 2008-06-05 01:46
Message generated for change (Comment added) made by jbarbuto
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Argument proccessing
Group: CVS
Status: Open
Resolution: None
Priority: 7
Private: No
Submitted By: Jan Wagner (cyco_dd)
Assigned to: Nobody/Anonymous (nobody)
Summary: check_snmp does not allow " chars in cmdline

Initial Comment:
The following Bugreport we got against our debian package:

snmpd can be queried for customized "extend"s.
A configured extend like
    extend avail_mem /usr/local/bin/check_avail_mem.pl
can be queried as
    snmpget -c public -v1 ds9 'nsExtendOutput1Line."avail_mem"'
    NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."avail_mem" = STRING: 749764

If you try to query this with check_snmp like
    check_snmp -H $HOSTADDRESS$ -C public -o 'nsExtendOutput1Line."syslog-idletime"'
this results into
    Could not open pipe: /usr/bin/snmpget -t 1 -r 5 -m ALL -v 1 -c public ds9:161 nsExtendOutput1Line."syslog-idletime"

Unfortuantely, check_snmp contains code in popen.c that does not allow any " chars in
the command line and bails out with above error.

I fixed this by commenting out the follwing block:

--- popen.c.old 2008-01-12 14:16:39.000000000 +0100
+++ popen.c     2008-01-12 14:16:54.000000000 +0100
@@ -133,8 +133,10 @@
        strcpy (cmd, cmdstring);

        /* This is not a shell, so we don't handle "???" */
+/*
        if (strstr (cmdstring, "\""))
                return NULL;
+*/

        /* allow single quotes, but only if non-whitesapce doesn't occur on both sides */
        if (strstr (cmdstring, " ' ") || strstr (cmdstring, "'''"))

You can track the bugreport via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460405

Thanks and kind regards, Jan.

----------------------------------------------------------------------

>Comment By: John A. Barbuto (jbarbuto)
Date: 2009-03-13 14:14

Message:
tonvoon: I see, I thought you were referring to plugins/runcmd.c.  

I've attached a patch against the SVN trunk that changes check_snmp to use
lib/utils_cmd.c.  It's passed all the tests I've thrown at it, including
extend OIDs.  This wasn't a trivial patch, and my C foo isn't great, so
please modify as necessary.



----------------------------------------------------------------------

Comment By: Ton Voon (tonvoon)
Date: 2009-03-12 04:18

Message:
jbarbuto: Can you see the cmd_run and cmd_run_array in lib/utils_cmd.c?
This is also used in negate.c. The idea is that if you pass an array of
arguments, there will not be any shell expansion.

mechanyx: There may be quoting that is required at Nagios. If you use $ in
a command argument, you need to escape it with $$.

----------------------------------------------------------------------

Comment By: Richard Edward Horner (mechanyx)
Date: 2009-03-11 14:24

Message:
I'm not sure if this is related or not, but I had a similar problem with
check_snmp where the community string on a network device contained a
dollar sign ($). I was unable to get the check to run with that community
string. I apologize as I do not remember exactly what Nagios output when I
tried various methods of quoting or escaping it. I ended up changing the
community string on the device.

Thanks, Rich(ard)

----------------------------------------------------------------------

Comment By: John A. Barbuto (jbarbuto)
Date: 2009-03-11 13:34

Message:
I looked into writing a patch using the runcmd library, but I don't see
this function you're referring to.
np_runcmd_open() looks pretty similar to spopen(), with the same double
quotes restriction.

The old exec method of running external commands is deprecated, so I'd
really like to get extend working.

----------------------------------------------------------------------

Comment By: Ton Voon (tonvoon)
Date: 2009-02-19 16:11

Message:
I don't think this is a valid fix. Preferably check_snmp should be switched
to use the runcmd library instead, which has a function to pass a varg list
for the command to run, thereby avoiding shell quotation. 

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880

Previous message: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline
Next message: [Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Devel mailing list