Home Explore Help
Sign In
LBP
/
nagios-plugins
mirror of https://github.com/nagios-plugins/nagios-plugins.git
4
0
Fork 0
Files Issues 0 Wiki
Browse Source

Clobber password in check_radius process list aguments

git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1994 f882894a-f735-0410-b71e-b25c423dba1c
Thomas Guyot-Sionnest 17 years ago
parent
7e3fc482ed
commit
eaf61e51ac
2 changed files with 11 additions and 5 deletions
Split View Show Diff Stats
  1. 1 1
      NEWS
  2. 10 4
      plugins/check_radius.c

+ 1 - 1
NEWS
View File 

@@ -18,7 +18,7 @@ This file documents the major additions and syntax changes between releases.
 
 	check_dig can now pass arguments dig by using -A/--dig-arguments (#1874041/#1889453)
 
 	check_ntp and check_ntp_peer now show proper jitter/stratum thresholds longopts in --help
 
 	check_dns now allow to repeat -a to match multiple possibly returned address (common with load balancers)
 
-	check_mysql now try clearing password in processlist just like check_mysql_query
 
+	check_mysql and check_radius now try clearing password in processlist just like check_mysql_query
 
 	check_mysql and check_mysql_query now support sockets explicitely (-s, --socket)
 
 	negate now has the ability to replace the status text as well (-s, --substitute)
 
 	Added performance data to check_ping (Christian Schneemann)

+ 10 - 4
plugins/check_radius.c
View File 

@@ -260,7 +260,13 @@ process_arguments (int argc, char **argv)
 
 			username = optarg;
 
 			break;
 
 		case 'p':									/* password */
 
-			password = optarg;
 
+			password = strdup(optarg);
 
+
 
+			/* Delete the password from process list */
 
+			while (*optarg != '\0') {
 
+				*optarg = 'X';
 
+				optarg++;
 
+			}
 
 			break;
 
 		case 'n':									/* nas id */
 
 			nasid = optarg;
 
@@ -343,9 +349,9 @@ print_help (void)
 
   printf ("%s\n", _("name and password. A configuration file may also be present. The format of"));
 
   printf ("%s\n", _("the configuration file is described in the radiusclient library sources."));
 
 	printf ("%s\n", _("The password option presents a substantial security issue because the"));
 
-  printf ("%s\n", _("password can be determined by careful watching of the command line in"));
 
-  printf ("%s\n", _("a process listing.  This risk is exacerbated because nagios will"));
 
-  printf ("%s\n", _("run the plugin at regular predictable intervals.  Please be sure that"));
 
+  printf ("%s\n", _("password can possibly be determined by careful watching of the command line"));
 
+  printf ("%s\n", _("in a process listing. This risk is exacerbated because nagios will"));
 
+  printf ("%s\n", _("run the plugin at regular predictable intervals. Please be sure that"));
 
   printf ("%s\n", _("the password used does not allow access to sensitive system resources."));
 
 
 #ifdef NP_EXTRA_OPTS