Various bug fixes

Changelog

@@ -3,13 +3,16 @@ NRPE Changelog
 **************
 
 
-2.1 - ??/??/2003
+2.1 - 01/19/2004
 ----------------
 - Replaced host access list with TCP wrapper support
 - Removed length restrictions for command names and command lines
 - Configure script patch for getopt_long on Solaris
 - Bug fixes for accept() on HP-UX 11.0
 - Init script for SUSE Linux (Subhendu Ghosh)
+- SSL protocol used is now limited to TLSv1
+- Any output from plugins after first line is now ignored before
+  plugin process is closed
 
 
 2.0 - 09/08/2003

configure

@@ -537,7 +537,7 @@ fi
 PKG_NAME=nrpe
 PKG_VERSION="2.1"
 PKG_HOME_URL="http://www.nagios.org/"
-PKG_REL_DATE="10-14-2003"
+PKG_REL_DATE="01-19-2004"
 
 
 ac_aux_dir=

configure.in

@@ -11,7 +11,7 @@ AC_PREFIX_DEFAULT(/usr/local/nagios)
 PKG_NAME=nrpe
 PKG_VERSION="2.1"
 PKG_HOME_URL="http://www.nagios.org/"
-PKG_REL_DATE="10-14-2003"
+PKG_REL_DATE="01-19-2004"
 
 dnl Figure out how to invoke "install" and what install options to use.
 

include/common.h

@@ -24,7 +24,7 @@
 #include "config.h"
 
 #define PROGRAM_VERSION "2.1"
-#define MODIFICATION_DATE "10-14-2003"
+#define MODIFICATION_DATE "01-19-2004"
 
 #define OK		0
 #define ERROR		-1

include/dh.h

@@ -4,12 +4,12 @@
 DH *get_dh512()
 	{
 	static unsigned char dh512_p[]={
-		0xB0,0x05,0xA8,0x33,0xE4,0xDF,0x5B,0x07,0x46,0xD8,0x39,0xC4,
-		0x02,0xE7,0xE9,0xCF,0xE7,0x73,0xD1,0x49,0x8E,0x07,0xAA,0xC7,
-		0xB3,0x5D,0xCB,0xDB,0x72,0x16,0x53,0x92,0xC6,0x89,0xF9,0x42,
-		0x65,0xDC,0x78,0x61,0x0A,0x8D,0x2B,0x8E,0x12,0xA3,0x87,0xB8,
-		0x61,0x2E,0x34,0x86,0x85,0x58,0x67,0x69,0x4F,0xE3,0x50,0x49,
-		0xD0,0xED,0x31,0xBB,
+		0xBA,0xB9,0xA1,0x11,0x5A,0xB2,0x92,0xDC,0xF0,0x64,0x37,0x16,
+		0x6D,0x18,0xCD,0x2A,0xEF,0xD4,0x98,0x76,0x04,0x7F,0x59,0x4D,
+		0x71,0xAD,0xE8,0xEF,0x74,0xF0,0x82,0x04,0xDA,0x75,0xC5,0x29,
+		0xE8,0x32,0xE6,0xC4,0xAA,0x09,0xCC,0xD1,0x90,0x23,0xAF,0x74,
+		0x91,0x16,0xFB,0x89,0x0F,0xFF,0xC3,0xCB,0x91,0xE7,0x4F,0xCF,
+		0x5E,0xAE,0x7B,0x7B,
 		};
 	static unsigned char dh512_g[]={
 		0x02,

init-script.debian.in

@@ -20,7 +20,7 @@ stop)	echo -n "Stopping nagios remote plugin daemon: nrpe"
         ;;
 restart) echo -n "Restarting nagios remote plugin daemon: nrpe"
         start-stop-daemon --stop --quiet --exec $NrpeBin
-        start-stop-daemon --start --quiet --exec $NrpeBin
+        start-stop-daemon --start --quiet --exec $NrpeBin -- -c $NrpeCfg -d
         echo "."
         ;;
 reload|force-reload) echo -n "Reloading configuration files for nagios remote plugin daemon: nrpe"

src/check_nrpe.c

@@ -1,10 +1,10 @@
 /********************************************************************************************
  *
  * CHECK_NRPE.C - NRPE Plugin For Nagios
- * Copyright (c) 1999-2003 Ethan Galstad (nagios@nagios.org)
+ * Copyright (c) 1999-2004 Ethan Galstad (nagios@nagios.org)
  * License: GPL
  *
- * Last Modified: 10-14-2003
+ * Last Modified: 01-19-2004
  *
  * Command line: CHECK_NRPE -H <host_address> [-p port] [-c command] [-to to_sec]
  *
@@ -70,7 +70,7 @@ int main(int argc, char **argv){
 			printf("Incorrect command line arguments supplied\n");
                 printf("\n");
 		printf("NRPE Plugin for Nagios\n");
-		printf("Copyright (c) 1999-2003 Ethan Galstad (nagios@nagios.org)\n");
+		printf("Copyright (c) 1999-2004 Ethan Galstad (nagios@nagios.org)\n");
 		printf("Version: %s\n",PROGRAM_VERSION);
 		printf("Last Modified: %s\n",MODIFICATION_DATE);
 		printf("License: GPL with exemptions (-l for more info)\n");
@@ -125,6 +125,10 @@ int main(int argc, char **argv){
 			printf("CHECK_NRPE: Error - could not create SSL context.\n");
 			exit(STATE_CRITICAL);
 		        }
+
+		/* ADDED 01/19/2004 */
+		/* use only TLSv1 protocol */
+		SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
                 }
 #endif
 

src/nrpe.c

@@ -1,10 +1,10 @@
 /*******************************************************************************
  *
  * NRPE.C - Nagios Remote Plugin Executor
- * Copyright (c) 1999-2003 Ethan Galstad (nagios@nagios.org)
+ * Copyright (c) 1999-2004 Ethan Galstad (nagios@nagios.org)
  * License: GPL
  *
- * Last Modified: 10-24-2003
+ * Last Modified: 03-06-2004
  *
  * Command line: nrpe -c <config_file> [--inetd | --daemon]
  *
@@ -102,7 +102,7 @@ int main(int argc, char **argv){
 
 		printf("\n");
 		printf("NRPE - Nagios Remote Plugin Executor\n");
-		printf("Copyright (c) 1999-2003 Ethan Galstad (nagios@nagios.org)\n");
+		printf("Copyright (c) 1999-2004 Ethan Galstad (nagios@nagios.org)\n");
 		printf("Version: %s\n",PROGRAM_VERSION);
 		printf("Last Modified: %s\n",MODIFICATION_DATE);
 		printf("License: GPL with exemptions (-l for more info)\n");
@@ -207,7 +207,12 @@ int main(int argc, char **argv){
 			syslog(LOG_ERR,"Error: could not create SSL context.\n");
 			exit(STATE_CRITICAL);
 		        }
-		/*SSL_CTX_set_cipher_list(ctx,"ALL");*/
+
+		/* ADDED 01/19/2004 */
+		/* use only TLSv1 protocol */
+		SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+
+		/* use anonymous DH ciphers */
 		SSL_CTX_set_cipher_list(ctx,"ADH");
 		dh=get_dh512();
 		SSL_CTX_set_tmp_dh(ctx,dh);
@@ -227,6 +232,10 @@ int main(int argc, char **argv){
 		/* make sure we're not root */
 		check_privileges();
 
+		/* redirect STDERR to /dev/null
+		close(2);
+		open("/dev/null",O_WRONLY);
+
 		/* handle the connection */
 		handle_connection(0);
 	        }
@@ -1034,6 +1043,7 @@ int my_system(char *command,int timeout,int *early_timeout,char *output,int outp
 	int result;
 	extern int errno;
 	char buffer[MAX_INPUT_BUFFER];
+	char temp_buffer[MAX_INPUT_BUFFER];
 	int fd[2];
 	FILE *fp;
 	int bytes_read=0;
@@ -1112,6 +1122,10 @@ int my_system(char *command,int timeout,int *early_timeout,char *output,int outp
 			strcpy(buffer,"");
 			fgets(buffer,sizeof(buffer)-1,fp);
 
+			/* ADDED 01/19/2004 */
+			/* ignore any additional lines of output */
+			while(fgets(temp_buffer,sizeof(temp_buffer)-1,fp));
+
 			/* close the command and get termination status */
 			status=pclose(fp);