1 |
dertobi123 07/10/29 19:51:35 |
2 |
|
3 |
Added: nagios-plugins-1.4.10-check_http.patch |
4 |
digest-nagios-plugins-1.4.10-r1 CVE-2007-5623.patch |
5 |
Log: |
6 |
Revbump, fixes for CVE-2007-5623 and CVE-2007-5198 |
7 |
(Portage version: 2.1.3.16) |
8 |
|
9 |
Revision Changes Path |
10 |
1.1 net-analyzer/nagios-plugins/files/nagios-plugins-1.4.10-check_http.patch |
11 |
|
12 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/nagios-plugins/files/nagios-plugins-1.4.10-check_http.patch?rev=1.1&view=markup |
13 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/nagios-plugins/files/nagios-plugins-1.4.10-check_http.patch?rev=1.1&content-type=text/plain |
14 |
|
15 |
Index: nagios-plugins-1.4.10-check_http.patch |
16 |
=================================================================== |
17 |
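--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -1092,7 +1092,7 @@ redir (char *pos, char *status_line)
 die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate url\n"));
 
 while (pos) {
- sscanf (pos, "%[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]:%n", xx, &i);
+ sscanf (pos, "%1[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]:%n", xx, &i);
 if (i == 0) {
 pos += (size_t) strcspn (pos, "\r\n");
 pos += (size_t) strspn (pos, "\r\n");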
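Review bot: The `%1[Ll]` width caps the store into `xx` at one character plus the terminating NUL, so the fix is only safe if `xx` holds at least two bytes; its declaration is outside the hunk and should be confirmed. If the matched letter is never read afterwards, suppressing the assignment removes the write altogether: `sscanf (pos, "%*1[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]:%n", &i);`. `%n` is written only when the whole prefix matches, so `i` has to be reset to 0 before each pass of the loop for the `if (i == 0)` test to be reliable, and the hunk does not show whether that happens. redir's body starts and ends outside the hunk.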
28 |
|
29 |
|
30 |
|
31 |
1.1 net-analyzer/nagios-plugins/files/digest-nagios-plugins-1.4.10-r1 |
32 |
|
33 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/nagios-plugins/files/digest-nagios-plugins-1.4.10-r1?rev=1.1&view=markup |
34 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/nagios-plugins/files/digest-nagios-plugins-1.4.10-r1?rev=1.1&content-type=text/plain |
35 |
|
36 |
Index: digest-nagios-plugins-1.4.10-r1 |
37 |
=================================================================== |
38 |
MD5 c67841223864ae1626ab2adb2f0b4c9d nagios-plugins-1.4.10.tar.gz 1693979 |
39 |
RMD160 8f8167f07d6162165d7cb38c9c09ebff418151bd nagios-plugins-1.4.10.tar.gz 1693979 |
40 |
SHA256 193ef480cd2b98d63de9183a83e277d6ef3b55032f44bd76616ef5e7a3d4a76e nagios-plugins-1.4.10.tar.gz 1693979 |
41 |
|
42 |
|
43 |
|
44 |
1.1 net-analyzer/nagios-plugins/files/CVE-2007-5623.patch |
45 |
|
46 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/nagios-plugins/files/CVE-2007-5623.patch?rev=1.1&view=markup |
47 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/nagios-plugins/files/CVE-2007-5623.patch?rev=1.1&content-type=text/plain |
48 |
|
49 |
Index: CVE-2007-5623.patch |
50 |
=================================================================== |
51 |
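--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -219,12 +219,16 @@ main (int argc, char **argv)
 
 ptr = output;
 
- strcat(perfstr, "| ");
+ strncat(perfstr, "| ", sizeof(perfstr)-strlen(perfstr)-1);
 while (ptr) {
 char *foo;
+ unsigned int copylen;
 
 foo = strstr (ptr, delimiter);
- strncat(perfstr, ptr, foo-ptr);
+ copylen = foo-ptr;
+ if (copylen > sizeof(perfstr)-strlen(perfstr)-1)
+ copylen = sizeof(perfstr)-strlen(perfstr)-1;
+ strncat(perfstr, ptr, copylen);
 ptr = foo;
 
 if (ptr == NULL)
@@ -357,11 +361,11 @@ main (int argc, char **argv)
 
 i++;
 
- strcat(perfstr, "=");
- strcat(perfstr, show);
+ strncat(perfstr, "=", sizeof(perfstr)-strlen(perfstr)-1);
+ strncat(perfstr, show, sizeof(perfstr)-strlen(perfstr)-1);
 if (type)
- strcat(perfstr, type);
- strcat(perfstr, " ");
+ strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
+ strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1);
 
 } /* end while (ptr) */
 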
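Review bot: In the first hunk `copylen = foo-ptr;` is evaluated before the `ptr == NULL` test, so when `strstr` finds no further delimiter the subtraction is done on a null pointer, which is undefined behaviour; the clamp on the following lines only happens to rescue the result. `unsigned int` can also truncate the pointer difference on 64-bit targets. I would declare `size_t copylen;` and assign `copylen = foo ? (size_t)(foo - ptr) : strlen(ptr);` before the clamp. All of the `sizeof(perfstr)` bounds assume `perfstr` is an array rather than a pointer; its declaration is outside both hunks, as are the start and end of main.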
88 |
|
89 |
|
90 |
|