Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-analyzer/zabbix/files/2.2/patches/zbx7479.patch
diff options
context:
space:
mode:
Diffstat (limited to 'net-analyzer/zabbix/files/2.2/patches/zbx7479.patch')
-rw-r--r--net-analyzer/zabbix/files/2.2/patches/zbx7479.patch83
1 files changed, 83 insertions, 0 deletions
diff --git a/net-analyzer/zabbix/files/2.2/patches/zbx7479.patch b/net-analyzer/zabbix/files/2.2/patches/zbx7479.patch
new file mode 100644
index 000000000000..79bb92f4bae0
--- /dev/null
+++ b/net-analyzer/zabbix/files/2.2/patches/zbx7479.patch
@@ -0,0 +1,83 @@
+Index: src/libs/zbxsysinfo/sysinfo.c
+===================================================================
+--- src/libs/zbxsysinfo/sysinfo.c (revision 40348)
++++ src/libs/zbxsysinfo/sysinfo.c (working copy)
+@@ -427,13 +427,49 @@
+ test_aliases();
+ }
+
++static int zbx_check_user_parameter(const char *param, char *error, int max_error_len)
++{
++ const char suppressed_chars[] = "\\'\"`*?[]{}~$!&;()<>|#@\n", *c;
++ char *buf = NULL;
++ size_t buf_alloc = 128, buf_offset = 0;
++
++ if (0 != CONFIG_UNSAFE_USER_PARAMETERS)
++ return SUCCEED;
++
++ for (c = suppressed_chars; '\0' != *c; c++)
++ {
++ if (NULL == strchr(param, *c))
++ continue;
++
++ buf = zbx_malloc(buf, buf_alloc);
++
++ for (c = suppressed_chars; '\0' != *c; c++)
++ {
++ if (c != suppressed_chars)
++ zbx_strcpy_alloc(&buf, &buf_alloc, &buf_offset, ", ");
++
++ if (0 != isprint(*c))
++ zbx_chrcpy_alloc(&buf, &buf_alloc, &buf_offset, *c);
++ else
++ zbx_snprintf_alloc(&buf, &buf_alloc, &buf_offset, "0x%02x", *c);
++ }
++
++ zbx_snprintf(error, max_error_len, "special characters \"%s\" are not allowed in the parameters", buf);
++
++ zbx_free(buf);
++
++ return FAIL;
++ }
++
++ return SUCCEED;
++}
++
+ static int replace_param(const char *cmd, const char *param, char *out, int outlen, char *error, int max_error_len)
+ {
+ int ret = SUCCEED;
+ char buf[MAX_STRING_LEN];
+ char command[MAX_STRING_LEN];
+ char *pl, *pr;
+- const char suppressed_chars[] = "\\'\"`*?[]{}~$!&;()<>|#@", *c;
+
+ assert(out);
+
+@@ -465,25 +501,10 @@
+ {
+ get_param(param, (int)(pr[1] - '0'), buf, sizeof(buf));
+
+- if (0 == CONFIG_UNSAFE_USER_PARAMETERS)
+- {
+- for (c = suppressed_chars; '\0' != *c; c++)
+- {
+- if (NULL != strchr(buf, *c))
+- {
+- zbx_snprintf(error, max_error_len, "Special characters '%s'"
+- " are not allowed in the parameters",
+- suppressed_chars);
+- ret = FAIL;
+- break;
+- }
+- }
+- }
++ if (SUCCEED != (ret = zbx_check_user_parameter(buf, error, max_error_len)))
++ break;
+ }
+
+- if (FAIL == ret)
+- break;
+-
+ zbx_strlcat(out, buf, outlen);
+ outlen -= MIN((int)strlen(buf), (int)outlen);
+