FreeBSD Bugzilla – Attachment 131163 Details for
Bug 175196
[maintainer-update] net-mgmt/nagios: CVE-2012-6096 Remote Command Execution Vulnerability
[patch]
net-mgmt-nagios-3.4.3_1.diff
net-mgmt-nagios-3.4.3_1.diff (text/plain), 5.48 KB, created by
Jarrod Sayers
on 2013-01-11 07:10:00 UTC
Description:
net-mgmt-nagios-3.4.3_1.diff
Filename:
MIME Type:
Creator:
Jarrod Sayers
Created:
2013-01-11 07:10:00 UTC
Size:
5.48 KB
>diff -ruN ports/net-mgmt/nagios.orig/Makefile ports/net-mgmt/nagios/Makefile
>--- ports/net-mgmt/nagios.orig/Makefile 2013-01-11 05:42:02.403593000 +1030
>+++ ports/net-mgmt/nagios/Makefile 2013-01-11 17:10:30.000000000 +1030
>@@ -3,6 +3,7 @@
>
> PORTNAME= nagios
> PORTVERSION= 3.4.3
>+PORTREVISION= 1
> CATEGORIES= net-mgmt
> MASTER_SITES= SF/${PORTNAME}/${PORTNAME}-3.x/${PORTNAME}-${PORTVERSION}
>
>diff -ruN ports/net-mgmt/nagios.orig/files/patch-CVE-2012-6096 ports/net-mgmt/nagios/files/patch-CVE-2012-6096
>--- ports/net-mgmt/nagios.orig/files/patch-CVE-2012-6096 1970-01-01 09:30:00.000000000 +0930
>+++ ports/net-mgmt/nagios/files/patch-CVE-2012-6096 2013-01-11 17:05:56.000000000 +1030
>@@ -0,0 +1,117 @@
>+--- cgi/getcgi.c.orig 2011-08-17 17:06:27.000000000 +0930
>++++ cgi/getcgi.c 2013-01-11 17:02:53.000000000 +1030
>+@@ -137,14 +137,15 @@
>+ /* check for NULL query string environment variable - 04/28/00 (Ludo Bosmans) */
>+ if(getenv("QUERY_STRING") == NULL) {
>+ cgiinput = (char *)malloc(1);
>+- if(cgiinput == NULL) {
>+- printf("getcgivars(): Could not allocate memory for CGI input.\n");
>+- exit(1);
>+- }
>+- cgiinput[0] = '\x0';
>++ if(cgiinput != NULL)
>++ cgiinput[0] = '\x0';
>+ }
>+ else
>+ cgiinput = strdup(getenv("QUERY_STRING"));
>++ if(cgiinput == NULL) {
>++ printf("getcgivars(): Could not allocate memory for CGI input.\n");
>++ exit(1);
>++ }
>+ }
>+
>+ else if(!strcmp(request_method, "POST") || !strcmp(request_method, "PUT")) {
>+@@ -220,7 +221,12 @@
>+ paircount = 0;
>+ nvpair = strtok(cgiinput, "&");
>+ while(nvpair) {
>+- pairlist[paircount++] = strdup(nvpair);
>++ pairlist[paircount] = strdup(nvpair);
>++ if( NULL == pairlist[paircount]) {
>++ printf("getcgivars(): Could not allocate memory for name-value pair #%d.\n", paircount);
>++ exit(1);
>++ }
>++ paircount++;
>+ if(!(paircount % 256)) {
>+ pairlist = (char **)realloc(pairlist, (paircount + 256) * sizeof(char **));
>+ if(pairlist == NULL) {
>+@@ -245,13 +251,29 @@
>+ /* get the variable name preceding the equal (=) sign */
>+ if((eqpos = strchr(pairlist[i], '=')) != NULL) {
>+ *eqpos = '\0';
>+- unescape_cgi_input(cgivars[i * 2 + 1] = strdup(eqpos + 1));
>++ cgivars[i * 2 + 1] = strdup(eqpos + 1);
>++ if( NULL == cgivars[ i * 2 + 1]) {
>++ printf("getcgivars(): Could not allocate memory for cgi value #%d.\n", i);
>++ exit(1);
>++ }
>++ unescape_cgi_input(cgivars[i * 2 + 1]);
>++ }
>++ else {
>++ cgivars[i * 2 + 1] = strdup("");
>++ if( NULL == cgivars[ i * 2 + 1]) {
>++ printf("getcgivars(): Could not allocate memory for empty stringfor variable value #%d.\n", i);
>++ exit(1);
>++ }
>++ unescape_cgi_input(cgivars[i * 2 + 1]);
>+ }
>+- else
>+- unescape_cgi_input(cgivars[i * 2 + 1] = strdup(""));
>+
>+ /* get the variable value (or name/value of there was no real "pair" in the first place) */
>+- unescape_cgi_input(cgivars[i * 2] = strdup(pairlist[i]));
>++ cgivars[i * 2] = strdup(pairlist[i]);
>++ if( NULL == cgivars[ i * 2]) {
>++ printf("getcgivars(): Could not allocate memory for cgi name #%d.\n", i);
>++ exit(1);
>++ }
>++ unescape_cgi_input(cgivars[i * 2]);
>+ }
>+
>+ /* terminate the name-value list */
>+--- cgi/history.c.orig 2011-08-17 17:06:27.000000000 +0930
>++++ cgi/history.c 2013-01-11 17:03:18.000000000 +1030
>+@@ -805,16 +805,22 @@
>+ else if(display_type == DISPLAY_HOSTS) {
>+
>+ if(history_type == HOST_HISTORY || history_type == SERVICE_HISTORY) {
>+- sprintf(match1, " HOST ALERT: %s;", host_name);
>+- sprintf(match2, " SERVICE ALERT: %s;", host_name);
>++ snprintf(match1, sizeof( match1),
>++ " HOST ALERT: %s;", host_name);
>++ snprintf(match2, sizeof( match2),
>++ " SERVICE ALERT: %s;", host_name);
>+ }
>+ else if(history_type == HOST_FLAPPING_HISTORY || history_type == SERVICE_FLAPPING_HISTORY) {
>+- sprintf(match1, " HOST FLAPPING ALERT: %s;", host_name);
>+- sprintf(match2, " SERVICE FLAPPING ALERT: %s;", host_name);
>++ snprintf(match1, sizeof( match1),
>++ " HOST FLAPPING ALERT: %s;", host_name);
>++ snprintf(match2, sizeof( match2),
>++ " SERVICE FLAPPING ALERT: %s;", host_name);
>+ }
>+ else if(history_type == HOST_DOWNTIME_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY) {
>+- sprintf(match1, " HOST DOWNTIME ALERT: %s;", host_name);
>+- sprintf(match2, " SERVICE DOWNTIME ALERT: %s;", host_name);
>++ snprintf(match1, sizeof( match1),
>++ " HOST DOWNTIME ALERT: %s;", host_name);
>++ snprintf(match2, sizeof( match2),
>++ " SERVICE DOWNTIME ALERT: %s;", host_name);
>+ }
>+
>+ if(show_all_hosts == TRUE)
>+@@ -853,11 +859,11 @@
>+ else if(display_type == DISPLAY_SERVICES) {
>+
>+ if(history_type == SERVICE_HISTORY)
>+- sprintf(match1, " SERVICE ALERT: %s;%s;", host_name, svc_description);
>++ snprintf(match1, sizeof( match1), " SERVICE ALERT: %s;%s;", host_name, svc_description);
>+ else if(history_type == SERVICE_FLAPPING_HISTORY)
>+- sprintf(match1, " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description);
>++ snprintf(match1, sizeof( match1), " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description);
>+ else if(history_type == SERVICE_DOWNTIME_HISTORY)
>+- sprintf(match1, " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description);
>++ snprintf(match1, sizeof( match1), " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description);
>+
>+ if(strstr(temp_buffer, match1) && (history_type == SERVICE_HISTORY || history_type == SERVICE_FLAPPING_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY))
>+ display_line = TRUE;
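Review bot: The `snprintf()` calls added in the cgi/history.c hunks ignore the return value, so an over-long `host_name` or `svc_description` is silently truncated and `match1`/`match2` lose their trailing `;` delimiter; the `strstr(temp_buffer, match1)` filter that follows can then select log lines belonging to a different host or service that shares the truncated prefix. The write is now bounded, but I would compare each result with the buffer size, e.g. `if(snprintf(match1, sizeof(match1), " SERVICE ALERT: %s;%s;", host_name, svc_description) >= (int)sizeof(match1))`, and treat truncation as "no match" for that log line instead of filtering with a shortened pattern. `sizeof( match1)` is the buffer size only if `match1` and `match2` are declared as arrays in this scope; their declarations are outside the hunks, so that needs confirming, and any other `sprintf()` into these buffers elsewhere in history.c is not visible here. In cgi/getcgi.c the new message `"... for empty stringfor variable value #%d.\n"` is missing a space between "string" and "for".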