[opsview-base] [447] Port of CVS-2014-1878.

0 views

Skip to first unread message

s...@opsview.com

unread,

May 19, 2014, 12:57:35 PM5/19/14

to opsview-...@googlegroups.com

Revision: 447
Author: tvoon
Date: 2014-05-19 17:57:35 +0100 (Mon, 19 May 2014)

Log Message

Port of CVS-2014-1878. Credit to Icinga team

Modified Paths

trunk/Makefile

Added Paths

trunk/patches/nagios_cve_2014_1878.patch

Modified: trunk/Makefile
===================================================================
--- trunk/Makefile	2014-05-19 16:35:41 UTC (rev 446)
+++ trunk/Makefile	2014-05-19 16:57:35 UTC (rev 447)
@@ -635,6 +635,7 @@
 	cd ${NAGIOS} && patch -p1 < ../patches/nagios_iobroker_poll_after_objects.patch
 	cd ${NAGIOS} && patch -p1 < ../patches/nagios_dont_log_disabled_passive_checks.patch
 	cd ${NAGIOS} && patch -p1 < ../patches/nagios_fix_plugin_output_timeout_message.patch
+	cd ${NAGIOS} && patch -p1 < ../patches/nagios_cve_2014_1878.patch
 	cd ${NAGIOS} && patch -p1 < ../patches/nagios_defunct_reload_workers.patch
 	if [ $(KERNEL_NAME) = Linux ] ; then \
 		cd ${NAGIOS} && CFLAGS="${CFLAGS}" ./configure --with-nagios-user=$(NAGIOS_USER) --with-nagios-group=$(NAGIOS_GROUP) --with-command-group=$(NAGIOS_GROUP) --with-cgiurl=/cgi-bin --with-htmurl=/ --enable-libtap ; \

Added: trunk/patches/nagios_cve_2014_1878.patch
===================================================================
--- trunk/patches/nagios_cve_2014_1878.patch	                        (rev 0)
+++ trunk/patches/nagios_cve_2014_1878.patch	2014-05-19 16:57:35 UTC (rev 447)
@@ -0,0 +1,42 @@
+diff -ur nagios-4.0.20130912.original/cgi/cmd.c nagios-4.0.20130912/cgi/cmd.c
+--- nagios-4.0.20130912.original/cgi/cmd.c	2014-05-05 23:58:43.116792631 +0100
++++ nagios-4.0.20130912/cgi/cmd.c	2014-05-15 18:00:58.902459356 +0100
+@@ -1904,14 +1904,14 @@
+ 		return ERROR;
+ 
+ 	len = snprintf(cmd, sizeof(cmd) - 1, "[%lu] %s;", time(NULL), command_name);
+-	if(len < 0)
++	if(len < 0 || len >= sizeof(cmd))
+ 		return ERROR;
+ 
+ 	if(fmt) {
+ 		va_start(ap, fmt);
+ 		len2 = vsnprintf(&cmd[len], sizeof(cmd) - len - 1, fmt, ap);
+ 		va_end(ap);
+-		if(len2 < 0)
++		if(len2 < 0 || len2 >= sizeof(cmd) - len)
+ 			return ERROR;
+ 		}
+ 
+diff -ur nagios-4.0.20130912.original/cgi/cmd.c.orig nagios-4.0.20130912/cgi/cmd.c.orig
+--- nagios-4.0.20130912.original/cgi/cmd.c.orig	2014-05-05 23:58:42.920792636 +0100
++++ nagios-4.0.20130912/cgi/cmd.c.orig	2014-05-05 23:58:43.000000000 +0100
+@@ -932,7 +932,7 @@
+ 
+ 	printf("<DIV ALIGN=CENTER CLASS='optBoxTitle'>Command Options</DIV>\n");
+ 
+-	printf("<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=1 CLASS='optBox'>\n");
++	printf("<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 CLASS='optBox'>\n");
+ 	printf("<TR><TD CLASS='optBoxItem'>\n");
+ 	printf("<form method='post' action='%s'>\n", COMMAND_CGI);
+ 	printf("<TABLE CELLSPACING=0 CELLPADDING=0 CLASS='optBox'>\n");
+@@ -2301,7 +2301,7 @@
+ void show_command_help(int cmd) {
+ 
+ 	printf("<DIV ALIGN=CENTER CLASS='descriptionTitle'>Command Description</DIV>\n");
+-	printf("<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=0 CLASS='commandDescription'>\n");
++	printf("<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 CLASS='commandDescription'>\n");
+ 	printf("<TR><TD CLASS='commandDescription'>\n");
+ 
+ 	/* decide what information to print out... */
+Only in nagios-4.0.20130912/cgi: cmd.c.rej

Reply all

Reply to author

Forward

0 new messages