[Pkg-nagios-devel] Bug#920756: icinga-cgi-bin: history.cgi ignores or zeroes ts_start parameter

Daniel Beardsmore resident at telcontar.net
Mon Jan 28 18:54:53 GMT 2019


Package: icinga-cgi-bin
Version: 1.13.4-2
Severity: important

Dear Maintainer,

When viewing (host and service) history using history.cgi, the "Latest
Archive", "Earlier Archive" and "More Recent Archive" links are paginated
using the CGI query parameters of ts_start and ts_end. ts_end is read
correctly, but ts_start is always zeroed.

Writing something like "ts_start=jello" shows that this unparsed, erroneous
value propagates to the previous/next page arrows and the export link, so
this conclusively rules out any kind of bad CGI interaction: the value of
ts_start is available to the program.

However, Log Navigation always gives the start time as "Thu Jan 1 01:00:00
BST 1970" (0), the hidden field is written out as zero (<input type='hidden'
name='ts_start' value='0'>) and viewing each page of results takes some time
as it has to examine every single log file as they are all within the date
range.

This rather bizarre check in cgiutils.c (in function
convert_timeperiod_to_times) is the only place that ts_start appears to be
explicitly zeroed:

	/* everything before start of unix time is invalid */
	if ((unsigned long int)ts_start > (unsigned long int)current_time)
		*ts_start = 0L;

However, ts_start is definitely < current_time, so this should not apply.

ts_start and ts_end appear to be otherwise processed identically, and there
is no sign of any reason why it would be misplacing the value of ts_start.

There seems to be no rational explanation for how ts_start can be either
misparsed or erased, but yet somewhere between being read from the CGI and
being used, it is either misplaced, or reverted to zero. Everything that
reads the parsed ts_start value is seeing 0.


-- System Information:
Debian Release: 9.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages icinga-cgi-bin depends on:
ii  libc6            2.24-11+deb9u3
ii  libgd3           2.2.4-2+deb9u3
ii  libjpeg62-turbo  1:1.5.1-2
ii  libjs-jquery     3.1.1-2
ii  libjs-jquery-ui  1.12.1+dfsg-4
ii  libpng16-16      1.6.28-1
ii  zlib1g           1:1.2.8.dfsg-5

Versions of packages icinga-cgi-bin recommends:
ii  apache2 [httpd]  2.4.25-3+deb9u6
ii  nagios-images    0.9.1

icinga-cgi-bin suggests no packages.

-- no debconf information



More information about the Pkg-nagios-devel mailing list