[Pkg-nagios-changes] [SCM] Debian packaging for Nagios3 branch, master, updated. debian/3.4.1-2-19-g04df464

Alexander Wirt formorer at debian.org
Thu Jun 27 05:48:19 UTC 2013 

The following commit has been merged in the master branch:
commit fee75283959921ae58735a2d234fb36b82b048fc
Author: Alexander Wirt <formorer at debian.org>
Date:   Thu Jun 27 06:46:14 2013 +0200

    Add patch from 3.4.1-3

diff --git a/debian/patches/00list b/debian/patches/00list
index 315d38c..05851ae 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -9,4 +9,5 @@
 99_remove_update-check.dpatch
 99_fix_php_warning.dpatch
 99_security_status_cgi_servicegroup.dpatch
+99_security_cve_2012_6096.dpatch
 999_daemon-downtime-Handle-loading-effective-downtime-fr.dpatch
diff --git a/debian/patches/99_security_cve_2012_6096.dpatch b/debian/patches/99_security_cve_2012_6096.dpatch
new file mode 100755
index 0000000..bdec71f
--- /dev/null
+++ b/debian/patches/99_security_cve_2012_6096.dpatch
@@ -0,0 +1,128 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 99_securit_cve_2012_6096.dpatch by Alexander Wirt <formorer at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix overflows in getcgi.c and history.cgi (CVE 2012-6096)
+## DP: Debian Bug #697930
+## DP: http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547
+
+ at DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' nagios3-3.4.1~/cgi/getcgi.c nagios3-3.4.1/cgi/getcgi.c
+--- nagios3-3.4.1~/cgi/getcgi.c	2011-08-17 09:36:27.000000000 +0200
++++ nagios3-3.4.1/cgi/getcgi.c	2013-01-27 17:10:41.725700070 +0100
+@@ -137,14 +137,15 @@
+ 		/* check for NULL query string environment variable - 04/28/00 (Ludo Bosmans) */
+ 		if(getenv("QUERY_STRING") == NULL) {
+ 			cgiinput = (char *)malloc(1);
+-			if(cgiinput == NULL) {
+-				printf("getcgivars(): Could not allocate memory for CGI input.\n");
+-				exit(1);
+-				}
+-			cgiinput[0] = '\x0';
++			if(cgiinput != NULL) 
++				cgiinput[0] = '\x0';
+ 			}
+ 		else
+ 			cgiinput = strdup(getenv("QUERY_STRING"));
++		if(cgiinput == NULL) {
++			printf("getcgivars(): Could not allocate memory for CGI input.\n");
++			exit(1);
++			}
+ 		}
+ 
+ 	else if(!strcmp(request_method, "POST") || !strcmp(request_method, "PUT")) {
+@@ -220,7 +221,12 @@
+ 	paircount = 0;
+ 	nvpair = strtok(cgiinput, "&");
+ 	while(nvpair) {
+-		pairlist[paircount++] = strdup(nvpair);
++		pairlist[paircount] = strdup(nvpair);
++		if( NULL == pairlist[paircount]) {
++			printf("getcgivars(): Could not allocate memory for name-value pair #%d.\n", paircount);
++			exit(1);
++			}
++		paircount++;
+ 		if(!(paircount % 256)) {
+ 			pairlist = (char **)realloc(pairlist, (paircount + 256) * sizeof(char **));
+ 			if(pairlist == NULL) {
+@@ -245,13 +251,29 @@
+ 		/* get the variable name preceding the equal (=) sign */
+ 		if((eqpos = strchr(pairlist[i], '=')) != NULL) {
+ 			*eqpos = '\0';
+-			unescape_cgi_input(cgivars[i * 2 + 1] = strdup(eqpos + 1));
++			cgivars[i * 2 + 1] = strdup(eqpos + 1);
++			if( NULL == cgivars[ i * 2 + 1]) {
++				printf("getcgivars(): Could not allocate memory for cgi value #%d.\n", i);
++				exit(1);
++				}
++			unescape_cgi_input(cgivars[i * 2 + 1]);
++			}
++		else {
++			cgivars[i * 2 + 1] = strdup("");
++			if( NULL == cgivars[ i * 2 + 1]) {
++				printf("getcgivars(): Could not allocate memory for empty stringfor variable value #%d.\n", i);
++				exit(1);
++				}
++			unescape_cgi_input(cgivars[i * 2 + 1]);
+ 			}
+-		else
+-			unescape_cgi_input(cgivars[i * 2 + 1] = strdup(""));
+ 
+ 		/* get the variable value (or name/value of there was no real "pair" in the first place) */
+-		unescape_cgi_input(cgivars[i * 2] = strdup(pairlist[i]));
++		cgivars[i * 2] = strdup(pairlist[i]);
++		if( NULL == cgivars[ i * 2]) {
++			printf("getcgivars(): Could not allocate memory for cgi name #%d.\n", i);
++			exit(1);
++			}
++		unescape_cgi_input(cgivars[i * 2]);
+ 		}
+ 
+ 	/* terminate the name-value list */
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' nagios3-3.4.1~/cgi/history.c nagios3-3.4.1/cgi/history.c
+--- nagios3-3.4.1~/cgi/history.c	2011-08-17 09:36:27.000000000 +0200
++++ nagios3-3.4.1/cgi/history.c	2013-01-27 17:10:41.721700070 +0100
+@@ -805,16 +805,22 @@
+ 			else if(display_type == DISPLAY_HOSTS) {
+ 
+ 				if(history_type == HOST_HISTORY || history_type == SERVICE_HISTORY) {
+-					sprintf(match1, " HOST ALERT: %s;", host_name);
+-					sprintf(match2, " SERVICE ALERT: %s;", host_name);
++					snprintf(match1, sizeof( match1), 
++							" HOST ALERT: %s;", host_name);
++					snprintf(match2, sizeof( match2), 
++							" SERVICE ALERT: %s;", host_name);
+ 					}
+ 				else if(history_type == HOST_FLAPPING_HISTORY || history_type == SERVICE_FLAPPING_HISTORY) {
+-					sprintf(match1, " HOST FLAPPING ALERT: %s;", host_name);
+-					sprintf(match2, " SERVICE FLAPPING ALERT: %s;", host_name);
++					snprintf(match1, sizeof( match1), 
++							" HOST FLAPPING ALERT: %s;", host_name);
++					snprintf(match2, sizeof( match2), 
++							" SERVICE FLAPPING ALERT: %s;", host_name);
+ 					}
+ 				else if(history_type == HOST_DOWNTIME_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY) {
+-					sprintf(match1, " HOST DOWNTIME ALERT: %s;", host_name);
+-					sprintf(match2, " SERVICE DOWNTIME ALERT: %s;", host_name);
++					snprintf(match1, sizeof( match1), 
++							" HOST DOWNTIME ALERT: %s;", host_name);
++					snprintf(match2, sizeof( match2), 
++							" SERVICE DOWNTIME ALERT: %s;", host_name);
+ 					}
+ 
+ 				if(show_all_hosts == TRUE)
+@@ -853,11 +859,11 @@
+ 			else if(display_type == DISPLAY_SERVICES) {
+ 
+ 				if(history_type == SERVICE_HISTORY)
+-					sprintf(match1, " SERVICE ALERT: %s;%s;", host_name, svc_description);
++					snprintf(match1, sizeof( match1), " SERVICE ALERT: %s;%s;", host_name, svc_description);
+ 				else if(history_type == SERVICE_FLAPPING_HISTORY)
+-					sprintf(match1, " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description);
++					snprintf(match1, sizeof( match1), " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description);
+ 				else if(history_type == SERVICE_DOWNTIME_HISTORY)
+-					sprintf(match1, " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description);
++					snprintf(match1, sizeof( match1), " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description);
+ 
+ 				if(strstr(temp_buffer, match1) && (history_type == SERVICE_HISTORY || history_type == SERVICE_FLAPPING_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY))
+ 					display_line = TRUE;

-- 
Debian packaging for Nagios3

More information about the Pkg-nagios-changes mailing list