* [gentoo-commits] gentoo-x86 commit in net-analyzer/zabbix/files/2.0/patches: zbx7479.patch
@ 2013-12-03 19:28 Matthew Marlow (mattm)
From: Matthew Marlow (mattm) @ 2013-12-03 19:28 UTC (permalink / raw
  To: gentoo-commits

mattm       13/12/03 19:28:19

  Added:                zbx7479.patch
  Log:
  Patching for Zabbix Vulnerability - Possible Shell Code Injection - https://support.zabbix.com/browse/ZBX-7479
  
  (Portage version: 2.1.12.2/cvs/Linux x86_64, signed Manifest commit with key 786037A7)

Revision  Changes    Path
1.1                  net-analyzer/zabbix/files/2.0/patches/zbx7479.patch

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/zabbix/files/2.0/patches/zbx7479.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/zabbix/files/2.0/patches/zbx7479.patch?rev=1.1&content-type=text/plain

Index: zbx7479.patch
===================================================================
Index: src/libs/zbxsysinfo/sysinfo.c
===================================================================
--- src/libs/zbxsysinfo/sysinfo.c	(revision 40346)
+++ src/libs/zbxsysinfo/sysinfo.c	(working copy)
@@ -267,13 +267,49 @@
 		test_parameter(commands[i].key, PROCESS_TEST | PROCESS_USE_TEST_PARAM);
 }
 
+static int	zbx_check_user_parameter(const char *param, char *error, int max_error_len)
+{
+	const char	suppressed_chars[] = "\\'\"`*?[]{}~$!&;()<>|#@\n", *c;
+	char		*buf = NULL;
+	size_t		buf_alloc = 128, buf_offset = 0;
+
+	if (0 != CONFIG_UNSAFE_USER_PARAMETERS)
+		return SUCCEED;
+
+	for (c = suppressed_chars; '\0' != *c; c++)
+	{
+		if (NULL == strchr(param, *c))
+			continue;
+
+		buf = zbx_malloc(buf, buf_alloc);
+
+		for (c = suppressed_chars; '\0' != *c; c++)
+		{
+			if (c != suppressed_chars)
+				zbx_strcpy_alloc(&buf, &buf_alloc, &buf_offset, ", ");
+
+			if (0 != isprint(*c))
+				zbx_chrcpy_alloc(&buf, &buf_alloc, &buf_offset, *c);
+			else
+				zbx_snprintf_alloc(&buf, &buf_alloc, &buf_offset, "0x%02x", *c);
+		}
+
+		zbx_snprintf(error, max_error_len, "special characters \"%s\" are not allowed in the parameters", buf);
+
+		zbx_free(buf);
+
+		return FAIL;
+	}
+
+	return SUCCEED;
+}
+
 static int	replace_param(const char *cmd, const char *param, char *out, int outlen, char *error, int max_error_len)
 {
 	int		ret = SUCCEED;
 	char		buf[MAX_STRING_LEN];
 	char		command[MAX_STRING_LEN];
 	char		*pl, *pr;
-	const char	suppressed_chars[] = "\\'\"`*?[]{}~$!&;()<>|#@", *c;
 
 	assert(out);
 
@@ -305,25 +341,10 @@
 			{
 				get_param(param, (int)(pr[1] - '0'), buf, sizeof(buf));
 
-				if (0 == CONFIG_UNSAFE_USER_PARAMETERS)
-				{
-					for (c = suppressed_chars; '\0' != *c; c++)
-					{
-						if (NULL != strchr(buf, *c))
-						{
-							zbx_snprintf(error, max_error_len, "Special characters '%s'"
-									" are not allowed in the parameters",
-									suppressed_chars);
-							ret = FAIL;
-							break;
-						}
-					}
-				}
+				if (SUCCEED != (ret = zbx_check_user_parameter(buf, error, max_error_len)))
+					break;
 			}
 
-			if (FAIL == ret)
-				break;
-
 			zbx_strlcat(out, buf, outlen);
 			outlen -= MIN((int)strlen(buf), (int)outlen);
 




