$OpenBSD: patch-src_nrpe_c,v 1.9 2014/07/22 08:55:45 jca Exp $

- http://seclists.org/fulldisclosure/2014/Apr/240 plus \r suggested on oss-sec
- fix reading of non-blocking sockets
- don't remove the pidfile when accept(2) or getpeername(2) fail.
  Author: Hiren Patel
  From: http://comments.gmane.org/gmane.network.nagios.devel/6774
  Bug-Ubuntu: https://launchpad.net/bugs/1126890

--- src/nrpe.c.orig	Fri Sep  6 17:27:13 2013
+++ src/nrpe.c	Tue Jul 22 00:52:20 2014
@@ -30,6 +30,8 @@
 #include "utils.h"
 #include "acl.h"
 
+#include <poll.h>
+
 #ifdef HAVE_SSL
 #include "../include/dh.h"
 #endif
@@ -53,7 +55,7 @@ int use_ssl=FALSE;
 
 #define DEFAULT_COMMAND_TIMEOUT	60			/* default timeout for execution of plugins */
 #define MAXFD                   64
-#define NASTY_METACHARS         "|`&><'\"\\[]{};"
+#define NASTY_METACHARS         "|`&><'\"\\[]{};\r\n"
 #define howmany(x,y)	(((x)+((y)-1))/(y))
 #define MAX_LISTEN_SOCKS        16
 
@@ -61,7 +63,7 @@ int use_ssl=FALSE;
 char    *command_name=NULL;
 char    *macro_argv[MAX_COMMAND_ARGUMENTS];
 
-char    config_file[MAX_INPUT_BUFFER]="nrpe.cfg";
+char    config_file[MAX_INPUT_BUFFER]="${SYSCONFDIR}/nrpe.cfg";
 int     log_facility=LOG_DAEMON;
 int     server_port=DEFAULT_SERVER_PORT;
 char    server_address[NI_MAXHOST]="";
@@ -969,8 +971,14 @@ void wait_for_connections(void){
 					continue;
 
 				/* socket is nonblocking and we don't have a connection yet */
-				if(errno==EAGAIN)
+				if(errno==EAGAIN){
+					struct pollfd pfd;
+
+					pfd.fd = sock;
+					pfd.events = POLLIN;
+					poll(&pfd,1,-1);
 					continue;
+					}
 
 				/* fix for HP-UX 11.0 - just retry */
 				if(errno==ENOBUFS)
@@ -998,7 +1006,7 @@ void wait_for_connections(void){
 						/* close socket prioer to exiting */
 						close(sock);
 			
-						return;
+						exit(STATE_CRITICAL);
 						}
 
 					/* handle signals */
@@ -1022,7 +1030,7 @@ void wait_for_connections(void){
 				        /* close socket prior to exiting */
 						close(new_sd);
 
-						return;
+						exit(STATE_CRITICAL);
 						}
 
 					/* is this is a blessed machine? */
