[collectd] notify_email plugin

Oleg King king2 at kaluga.ru
Wed Jun 4 13:44:10 CEST 2008 

Hello, Sebastian.

>> >>     if ( !(message = smtp_add_message (session))) {
>> >>         ERROR ("notify_email plugin: cannot set SMTP message");
>> >>         return (-1);   
>> > Don't you have to destroy the session, etc. before you return from the
>> > function in case of an error?

>> Yes, this is exactly as example from libesmtp does. libesmtp has
>> documented approx. half of its functions, and workflow exists only in
>> example file. So I think nobody knows it for sure :)

> Hmkay... I'm pretty sure that each create- or init-function comes along
> with a matching destroy- or similar function which imho should be called
> in any case - else memory might leak.

Anyway, I moved init-part away from this part of code.
If we cannot send message - we just cannot send message. We should
not destroy libesmtp objects, we will destroy them in shutdown
function.

>> >> static int notify_email_notification (const notification_t *n)
>> > [...]
>> >>       sprintf (subject, smtp_subject == NULL ? DEFAULT_SMTP_SUBJECT : smtp_subject, severity, n->host);
>> 
>> > While this is a really nice feature, it requires some input validation.
>> > Image the user specifies more than two conversion specifications
>> > (%somethings) - then random memory is read to fetch subsequent
>> > parameters which is really not what we want. Also, the verification
>> > should check if a string (%s) has been specified.
>> 
>> As I know sprintf should not do substitutions more than number of
>> arguments and more then number of %something.

> Well, short answer: no.

> Somewhat longer answer: Any %something usually consumes on ore more
> arguments (usually just one, but there are some rare cases where more
> than one argument may be consumed). So, the number of consumed arguments
> is _only_ determined by the number of %somethings. The printf function
> does not know how many arguments have actually been passed to it, so it
> will happily (try to) read further arguments until it processed all
> %somethings. So, if there are more %somethings than actual arguments,
> printf will read random memory and possibly segfault when trying to do
> so.

wow. I'm thinking about removing customisable subject.. :)

-- 
WBR,
 Oleg                          mailto:king2 at kaluga.ru

More information about the collectd mailing list