
From: "Tobias Scherbaum (dertobi123)" <dertobi123@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-analyzer/nagios-core/files: statuswml-bug275288.patch
Date: Wed, 24 Jun 2009 21:27:27
Message-Id: E1MJa04-0001XG-Lu@stork.gentoo.org
1 dertobi123 09/06/24 21:27:24
2
3 Added: statuswml-bug275288.patch
4 Log:
5 Revbumps to 2.12-r1, 3.0.6-r2 and also bump to 3.1.2. Includes fix for #275288 (remote code execution in statuswml.cgi).
6 (Portage version: 2.2_rc33/cvs/Linux x86_64)
7
8 Revision Changes Path
9 1.1 net-analyzer/nagios-core/files/statuswml-bug275288.patch
10
11 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/nagios-core/files/statuswml-bug275288.patch?rev=1.1&view=markup
12 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/nagios-core/files/statuswml-bug275288.patch?rev=1.1&content-type=text/plain
13
14 Index: statuswml-bug275288.patch
15 ===================================================================
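--- a/cgi/statuswml.c 2008/11/30 18:13:11 1.27
+++ b/cgi/statuswml.c 2009/06/19 04:30:26 1.28
@@ -67,6 +67,8 @@
 void document_header(void);
 void document_footer(void);
 int process_cgivars(void);
+int validate_arguments(void);
+int is_valid_hostip(char *hostip);
 
 int display_type=DISPLAY_INDEX;
 int hostgroup_style=DISPLAY_HOSTGROUP_SUMMARY;
@@ -108,6 +110,13 @@
 
 document_header();
 
+ /* validate arguments in URL */
+ result=validate_arguments();
+ if(result==ERROR){
+ document_footer();
+ return ERROR;
+ }
+
 /* read the CGI configuration file */
 result=read_cgi_config_file(get_cgi_config_location());
 if(result==ERROR){
@@ -334,7 +343,25 @@
 return error;
 }
 
+int validate_arguments(void){
+ int result=OK;
+ if((strcmp(ping_address,"")) && !is_valid_hostip(ping_address)) {
+ printf("<p>Invalid host name/ip</p>\n");
+ result=ERROR;
+ }
+ if(strcmp(traceroute_address,"") && !is_valid_hostip(traceroute_address)){
+ printf("<p>Invalid host name/ip</p>\n");
+ result=ERROR;
+ }
+ return result;
+ }
 
+int is_valid_hostip(char *hostip) {
+ char *valid_domain_chars="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-";
+ if(strcmp(hostip,"") && strlen(hostip)==strspn(hostip,valid_domain_chars) && hostip[0] != '-' && hostip[strlen(hostip)-1] != '-')
+ return TRUE;
+ return FALSE;
+ }
 
 /* main intro screen */
 void display_index(void){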
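Review bot: is_valid_hostip() in the third hunk is the only visible barrier between the URL parameters and whatever later consumes ping_address and traceroute_address (that code, and the declarations of both globals, are outside the hunks), yet it dereferences hostip with no NULL check and carries no comment stating its contract. I would make it fail closed with `if(hostip==NULL || hostip[0]=='\0') return FALSE;` as the first statement and take `const char *hostip`, since the function never writes through the pointer. validate_arguments() has the same exposure, because it passes both globals to strcmp() before is_valid_hostip() sees them; if process_cgivars() can leave either pointer NULL, the guard belongs there too. A comment above the function such as `/* allow-list: letters, digits, '.' and '-' only, no leading or trailing '-'; do not widen without auditing every consumer of the value */` would keep a later change (for example adding ':' for IPv6) from silently weakening the fix.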