Gentoo Archives: gentoo-commits

From: "Tobias Scherbaum (dertobi123)" <dertobi123@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-analyzer/nagios-plugins/files: nagios-plugins-1.4.10-check_http.patch digest-nagios-plugins-1.4.10-r1 CVE-2007-5623.patch
Date: Mon, 29 Oct 2007 19:51:41
Message-Id: E1Imae7-0007vg-MZ@stork.gentoo.org
1 dertobi123 07/10/29 19:51:35
2
3 Added: nagios-plugins-1.4.10-check_http.patch
4 digest-nagios-plugins-1.4.10-r1 CVE-2007-5623.patch
5 Log:
6 Revbump, fixes for CVE-2007-5623 and CVE-2007-5198
7 (Portage version: 2.1.3.16)
8
9 Revision Changes Path
10 1.1 net-analyzer/nagios-plugins/files/nagios-plugins-1.4.10-check_http.patch
11
12 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/nagios-plugins/files/nagios-plugins-1.4.10-check_http.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/nagios-plugins/files/nagios-plugins-1.4.10-check_http.patch?rev=1.1&content-type=text/plain
14
15 Index: nagios-plugins-1.4.10-check_http.patch
16 ===================================================================
17 --- plugins/check_http.c.old 2007-07-21 18:29:01.000000000 +0200
18 +++ plugins/check_http.c 2007-10-14 22:05:26.000000000 +0200
19 @@ -1092,7 +1092,7 @@ redir (char *pos, char *status_line)
20 die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate url\n"));
21
22 while (pos) {
23 - sscanf (pos, "%[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]:%n", xx, &i);
24 + sscanf (pos, "%1[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]:%n", xx, &i);
25 if (i == 0) {
26 pos += (size_t) strcspn (pos, "\r\n");
27 pos += (size_t) strspn (pos, "\r\n");
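Review bot: The width added in `%1[Ll]` bounds only the one directive that stores into `xx`, so the sscanf call is safe only if `xx` holds at least two bytes (one matched character plus the terminating NUL); its declaration is outside the hunk and should be confirmed. The return value of sscanf is still ignored, and the following `if (i == 0)` test depends on `i` being zero before the call, because `%n` stores nothing when an earlier directive fails to match. If `i` is not already reset elsewhere in the loop, adding `i = 0;` immediately before the sscanf makes that explicit, and a comment such as `/* %1[Ll] writes 1 char + NUL into xx */` documents the size contract. redir() begins and ends outside the hunk.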
28
29
30
31 1.1 net-analyzer/nagios-plugins/files/digest-nagios-plugins-1.4.10-r1
32
33 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/nagios-plugins/files/digest-nagios-plugins-1.4.10-r1?rev=1.1&view=markup
34 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/nagios-plugins/files/digest-nagios-plugins-1.4.10-r1?rev=1.1&content-type=text/plain
35
36 Index: digest-nagios-plugins-1.4.10-r1
37 ===================================================================
38 MD5 c67841223864ae1626ab2adb2f0b4c9d nagios-plugins-1.4.10.tar.gz 1693979
39 RMD160 8f8167f07d6162165d7cb38c9c09ebff418151bd nagios-plugins-1.4.10.tar.gz 1693979
40 SHA256 193ef480cd2b98d63de9183a83e277d6ef3b55032f44bd76616ef5e7a3d4a76e nagios-plugins-1.4.10.tar.gz 1693979
41
42
43
44 1.1 net-analyzer/nagios-plugins/files/CVE-2007-5623.patch
45
46 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/nagios-plugins/files/CVE-2007-5623.patch?rev=1.1&view=markup
47 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/nagios-plugins/files/CVE-2007-5623.patch?rev=1.1&content-type=text/plain
48
49 Index: CVE-2007-5623.patch
50 ===================================================================
51 --- plugins/check_snmp.c.old 2007-05-29 07:22:32.000000000 +0200
52 +++ plugins/check_snmp.c 2007-10-17 22:08:49.000000000 +0200
53 @@ -219,12 +219,16 @@ main (int argc, char **argv)
54
55 ptr = output;
56
57 - strcat(perfstr, "| ");
58 + strncat(perfstr, "| ", sizeof(perfstr)-strlen(perfstr)-1);
59 while (ptr) {
60 char *foo;
61 + unsigned int copylen;
62
63 foo = strstr (ptr, delimiter);
64 - strncat(perfstr, ptr, foo-ptr);
65 + copylen = foo-ptr;
66 + if (copylen > sizeof(perfstr)-strlen(perfstr)-1)
67 + copylen = sizeof(perfstr)-strlen(perfstr)-1;
68 + strncat(perfstr, ptr, copylen);
69 ptr = foo;
70
71 if (ptr == NULL)
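Review bot: `copylen = foo-ptr;` is evaluated before `foo` is checked for NULL, so when strstr() finds no further delimiter the subtraction is performed on a null pointer (undefined behaviour) and the result is then narrowed into an `unsigned int`. The clamp on the following lines hides this on most builds, but on an LP64 target the truncated value can be smaller than the remaining text, which would silently cut the last label short. Computing the length explicitly avoids both problems: declare `size_t copylen;` and use `copylen = foo ? (size_t)(foo - ptr) : strlen(ptr);`. The bound `sizeof(perfstr)-strlen(perfstr)-1`, here and in the second hunk of this patch, is correct only if `perfstr` is a true array in this scope rather than a pointer; its declaration, like the start and end of main(), is outside the hunk.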
72 @@ -357,11 +361,11 @@ main (int argc, char **argv)
73
74 i++;
75
76 - strcat(perfstr, "=");
77 - strcat(perfstr, show);
78 + strncat(perfstr, "=", sizeof(perfstr)-strlen(perfstr)-1);
79 + strncat(perfstr, show, sizeof(perfstr)-strlen(perfstr)-1);
80 if (type)
81 - strcat(perfstr, type);
82 - strcat(perfstr, " ");
83 + strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
84 + strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1);
85
86 } /* end while (ptr) */
87
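Review bot: The four bounded strncat() calls truncate silently, so once `perfstr` fills up the output can end in a partial pair, for example a label followed by `=` with no value, which a performance-data consumer may misparse. Checking up front whether the whole pair fits, e.g. `if (strlen(show) + (type ? strlen(type) : 0) + 2 > sizeof(perfstr) - strlen(perfstr) - 1)`, and skipping the append in that case keeps the string well-formed. The repeated `sizeof(perfstr)-strlen(perfstr)-1` expression would also read better as a single local helper or macro. The enclosing while loop and main() extend outside the hunk, so how best to skip the pair depends on code not shown here.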
88
89
90