Commit c9d8a6c0 authored by Natanael Copa's avatar Natanael Copa
Browse files

main/nagis: security fix for CVE-2013-7108, CVE-2013-7205

fixes #2622
parent 0881bdc9
......@@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=nagios
pkgver=3.5.0
pkgrel=5
pkgrel=6
pkgdesc="Popular monitoring tool"
url="http://www.nagios.org/"
arch="all"
......@@ -13,7 +13,9 @@ makedepends="gd-dev pkgconfig perl-dev libpng-dev libjpeg perl-net-snmp"
source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
nagios.confd
nagios.initd
lighttpd-nagios.conf"
lighttpd-nagios.conf
CVE-2013-7108-CVE-2013-7205.patch
"
subpackages="${pkgname}-web"
pkgusers="nagios"
pkggroups="nagios"
......@@ -22,6 +24,11 @@ _builddir="$srcdir/$pkgname"
prepare() {
cd "$_builddir"
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
update_config_sub || return 1
}
......@@ -71,12 +78,15 @@ web() {
md5sums="aeef195d2033cc362bf6cb972bcc8f07 nagios-3.5.0.tar.gz
431dfe7403323e247a88b97beade5d78 nagios.confd
2ead8695b32222abe922692664aa9de1 nagios.initd
d63c36f47d26f1f71ae2faf272eec640 lighttpd-nagios.conf"
d63c36f47d26f1f71ae2faf272eec640 lighttpd-nagios.conf
b095b0e14de61a956af41c6969675e35 CVE-2013-7108-CVE-2013-7205.patch"
sha256sums="469381b2954392689c85d3db733e8da4bd43b806b3d661d1a7fbd52dacc084db nagios-3.5.0.tar.gz
cfd075243bfca803f4aa254022a0a40cd4180fb4d433e16333b74e7bcef8cf0b nagios.confd
e287556e9c73faf60f988a75866119596352e4fb8fe132a887f45f2930a6ae46 nagios.initd
dba2583022f8d0e6c9457d3cb333f3ce872b9f1c11075bc69fccdf1bbb0e6083 lighttpd-nagios.conf"
dba2583022f8d0e6c9457d3cb333f3ce872b9f1c11075bc69fccdf1bbb0e6083 lighttpd-nagios.conf
5c7d1bd5d64a3a4ac9e27e97063462e00b4c60478279f97abe2390f91ebc1ce3 CVE-2013-7108-CVE-2013-7205.patch"
sha512sums="80f79b85b286dcd4153bff134fd7b88a46ef130a39c17e2263c7e3614a507be0e630e62032f31500c18c920c856e2f4f4e4ebd4c94bb3024b203a9bb744584b4 nagios-3.5.0.tar.gz
8575902dcb7252f195847f9997b424c1ef9bee7dfacdd124c922fc119f583923c34847ce77c505783662d91f7290b1a85dc5e382ac50d177406bfb3876d4e40a nagios.confd
2b7c9677e15b1e33a56b6d65ce6c489e019ddf2d777c3798a7b3082e61584ca4cd2630cdf177710b38f2780873dd0f2333e3e769633e402332043a129137d50b nagios.initd
6f1448db1964e378dbc7460a6d321638f4d0f7a08bc078824edca12fb6653fb0200b3be365fa519e7b2ff566802701878975bb97e65d65dc54d3da34dae21588 lighttpd-nagios.conf"
6f1448db1964e378dbc7460a6d321638f4d0f7a08bc078824edca12fb6653fb0200b3be365fa519e7b2ff566802701878975bb97e65d65dc54d3da34dae21588 lighttpd-nagios.conf
189b62e9d351dd85ec40f5a3b93e9e28c5aaf6a21c8d1682c63114d2d6d13a6d13962a1ac68250aea3f6b0f51e85ab4eb79b6d6eb9e473a5c49971b520e7fd86 CVE-2013-7108-CVE-2013-7205.patch"
From d97e03f32741a7d851826b03ed73ff4c9612a866 Mon Sep 17 00:00:00 2001
From: Eric Stanley <estanley@nagios.com>
Date: Fri, 20 Dec 2013 13:14:30 -0600
Subject: [PATCH] CGIs: Fixed minor vulnerability where a custom query could
crash the CGI.
Most CGIs previously incremented the input variable counter twice when
it encountered a long key value. This could cause the CGI to read past
the end of the list of CGI variables. This commit removes the second
increment, removing the possibility of reading past the end of the list
of CGI variables.
---
cgi/avail.c | 1 -
cgi/cmd.c | 1 -
cgi/config.c | 1 -
cgi/extinfo.c | 1 -
cgi/histogram.c | 1 -
cgi/notifications.c | 1 -
cgi/outages.c | 1 -
cgi/status.c | 1 -
cgi/statusmap.c | 1 -
cgi/statuswml.c | 7 ++++++-
cgi/summary.c | 1 -
cgi/trends.c | 1 -
contrib/daemonchk.c | 1 -
13 files changed, 6 insertions(+), 13 deletions(-)
diff --git a/cgi/avail.c b/cgi/avail.c
index 76afd86..64eaadc 100644
--- a/cgi/avail.c
+++ b/cgi/avail.c
@@ -1096,7 +1096,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git a/cgi/cmd.c b/cgi/cmd.c
index fa6cf5a..50504eb 100644
--- a/cgi/cmd.c
+++ b/cgi/cmd.c
@@ -311,7 +311,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git a/cgi/config.c b/cgi/config.c
index f061b0f..3360e70 100644
--- a/cgi/config.c
+++ b/cgi/config.c
@@ -344,7 +344,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git a/cgi/extinfo.c b/cgi/extinfo.c
index 62a1b18..5113df4 100644
--- a/cgi/extinfo.c
+++ b/cgi/extinfo.c
@@ -591,7 +591,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git a/cgi/histogram.c b/cgi/histogram.c
index 4616541..f6934d0 100644
--- a/cgi/histogram.c
+++ b/cgi/histogram.c
@@ -1060,7 +1060,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git a/cgi/notifications.c b/cgi/notifications.c
index 8ba11c1..461ae84 100644
--- a/cgi/notifications.c
+++ b/cgi/notifications.c
@@ -327,7 +327,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git a/cgi/outages.c b/cgi/outages.c
index 426ede6..cb58dee 100644
--- a/cgi/outages.c
+++ b/cgi/outages.c
@@ -225,7 +225,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git a/cgi/status.c b/cgi/status.c
index 3253340..4ec1c92 100644
--- a/cgi/status.c
+++ b/cgi/status.c
@@ -567,7 +567,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git a/cgi/statusmap.c b/cgi/statusmap.c
index ea48368..2580ae5 100644
--- a/cgi/statusmap.c
+++ b/cgi/statusmap.c
@@ -400,7 +400,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git a/cgi/statuswml.c b/cgi/statuswml.c
index bd8cea2..d25abef 100644
--- a/cgi/statuswml.c
+++ b/cgi/statuswml.c
@@ -226,8 +226,13 @@ int process_cgivars(void) {
for(x = 0; variables[x] != NULL; x++) {
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+ continue;
+ }
+
/* we found the hostgroup argument */
- if(!strcmp(variables[x], "hostgroup")) {
+ else if(!strcmp(variables[x], "hostgroup")) {
display_type = DISPLAY_HOSTGROUP;
x++;
if(variables[x] == NULL) {
diff --git a/cgi/summary.c b/cgi/summary.c
index 126ce5e..749a02c 100644
--- a/cgi/summary.c
+++ b/cgi/summary.c
@@ -725,7 +725,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git a/cgi/trends.c b/cgi/trends.c
index b35c18e..895db01 100644
--- a/cgi/trends.c
+++ b/cgi/trends.c
@@ -1263,7 +1263,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git a/contrib/daemonchk.c b/contrib/daemonchk.c
index 78716e5..9bb6c4b 100644
--- a/contrib/daemonchk.c
+++ b/contrib/daemonchk.c
@@ -174,7 +174,6 @@ static int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
}
--
1.8.4.3
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment