Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-analyzer/nagios-core/files/nagios-core-3.5.1-process_cgivars.patch
diff options
context:
space:
mode:
Diffstat (limited to 'net-analyzer/nagios-core/files/nagios-core-3.5.1-process_cgivars.patch')
-rw-r--r--net-analyzer/nagios-core/files/nagios-core-3.5.1-process_cgivars.patch175
1 files changed, 175 insertions, 0 deletions
diff --git a/net-analyzer/nagios-core/files/nagios-core-3.5.1-process_cgivars.patch b/net-analyzer/nagios-core/files/nagios-core-3.5.1-process_cgivars.patch
new file mode 100644
index 000000000000..9d9536747794
--- /dev/null
+++ b/net-analyzer/nagios-core/files/nagios-core-3.5.1-process_cgivars.patch
@@ -0,0 +1,175 @@
+commit d97e03f32741a7d851826b03ed73ff4c9612a866
+Author: Eric Stanley <estanley@nagios.com>
+Date: Fri Dec 20 13:14:30 2013 -0600
+
+ CGIs: Fixed minor vulnerability where a custom query could crash the CGI.
+
+ Most CGIs previously incremented the input variable counter twice when
+ it encountered a long key value. This could cause the CGI to read past
+ the end of the list of CGI variables. This commit removes the second
+ increment, removing the possibility of reading past the end of the list
+ of CGI variables.
+
+diff --git a/cgi/avail.c b/cgi/avail.c
+index 76afd86..64eaadc 100644
+--- a/cgi/avail.c
++++ b/cgi/avail.c
+@@ -1096,7 +1096,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git a/cgi/cmd.c b/cgi/cmd.c
+index fa6cf5a..50504eb 100644
+--- a/cgi/cmd.c
++++ b/cgi/cmd.c
+@@ -311,7 +311,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git a/cgi/config.c b/cgi/config.c
+index f061b0f..3360e70 100644
+--- a/cgi/config.c
++++ b/cgi/config.c
+@@ -344,7 +344,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git a/cgi/extinfo.c b/cgi/extinfo.c
+index 62a1b18..5113df4 100644
+--- a/cgi/extinfo.c
++++ b/cgi/extinfo.c
+@@ -591,7 +591,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git a/cgi/histogram.c b/cgi/histogram.c
+index 4616541..f6934d0 100644
+--- a/cgi/histogram.c
++++ b/cgi/histogram.c
+@@ -1060,7 +1060,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git a/cgi/notifications.c b/cgi/notifications.c
+index 8ba11c1..461ae84 100644
+--- a/cgi/notifications.c
++++ b/cgi/notifications.c
+@@ -327,7 +327,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git a/cgi/outages.c b/cgi/outages.c
+index 426ede6..cb58dee 100644
+--- a/cgi/outages.c
++++ b/cgi/outages.c
+@@ -225,7 +225,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git a/cgi/status.c b/cgi/status.c
+index 3253340..4ec1c92 100644
+--- a/cgi/status.c
++++ b/cgi/status.c
+@@ -567,7 +567,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git a/cgi/statusmap.c b/cgi/statusmap.c
+index ea48368..2580ae5 100644
+--- a/cgi/statusmap.c
++++ b/cgi/statusmap.c
+@@ -400,7 +400,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git a/cgi/statuswml.c b/cgi/statuswml.c
+index bd8cea2..d25abef 100644
+--- a/cgi/statuswml.c
++++ b/cgi/statuswml.c
+@@ -226,8 +226,13 @@ int process_cgivars(void) {
+
+ for(x = 0; variables[x] != NULL; x++) {
+
++ /* do some basic length checking on the variable identifier to prevent buffer overflows */
++ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
++ continue;
++ }
++
+ /* we found the hostgroup argument */
+- if(!strcmp(variables[x], "hostgroup")) {
++ else if(!strcmp(variables[x], "hostgroup")) {
+ display_type = DISPLAY_HOSTGROUP;
+ x++;
+ if(variables[x] == NULL) {
+diff --git a/cgi/summary.c b/cgi/summary.c
+index 126ce5e..749a02c 100644
+--- a/cgi/summary.c
++++ b/cgi/summary.c
+@@ -725,7 +725,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git a/cgi/trends.c b/cgi/trends.c
+index b35c18e..895db01 100644
+--- a/cgi/trends.c
++++ b/cgi/trends.c
+@@ -1263,7 +1263,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git a/contrib/daemonchk.c b/contrib/daemonchk.c
+index 78716e5..9bb6c4b 100644
+--- a/contrib/daemonchk.c
++++ b/contrib/daemonchk.c
+@@ -174,7 +174,6 @@ static int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+ }