debian/pkg-monitoring-plugins
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

import NMUs

Browse source
This commit is contained in:
Jan Wagner 2007-12-06 09:46:30 +00:00
parent 42cd3331b3
commit 2349359929
4 changed files with 213 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
debian/changelog vendored
View file

@ -7,9 +7,32 @@ nagios-plugins (1.4.8-3) UNRELEASED; urgency=low
#449671). #449671).
* include fix for several typos provided by Luca Falavigna, thanks (closes: * include fix for several typos provided by Luca Falavigna, thanks (closes:
#453012). #453012).
* merge changes from and ack NMUs. Thanks to Steffen Joeris (closes:
#445475) and Nico Golde (closes: #448372, #447639).
-- sean finney <sean@rangda.stickybit.se> Mon, 28 May 2007 19:48:35 +0200 -- sean finney <sean@rangda.stickybit.se> Mon, 28 May 2007 19:48:35 +0200
nagios-plugins (1.4.8-2.2) unstable; urgency=high
* Non-maintainer upload by testing-security team.
* Fix remote DoS which can be triggered by a remote attacker
via crafted snmpget replies (CVE-2007-5623) (Closes: #448372).
* Modifying CVE-2007-5198 patch since it is incomplete (Closes: #447639).
-- Nico Golde <nion@debian.org> Sun, 28 Oct 2007 16:15:54 +0100
nagios-plugins (1.4.8-2.1) unstable; urgency=high
* Non-maintainer upload by the testing-security team
* Include CVS patch to fix buffer overflow in redir function in
check_http.c, which was caused by parsing HTTP redirect strings
using sscanf (Closes: #445475)
Fixes: CVE-2007-5198
* Include fix for off-by-one error and a NULL pointer, which leads
to a segfault
-- Steffen Joeris <white@debian.org> Sun, 14 Oct 2007 10:36:01 +0000
nagios-plugins (1.4.8-2) unstable; urgency=low nagios-plugins (1.4.8-2) unstable; urgency=low
* fix typo in upstream configure script which caused some plugins * fix typo in upstream configure script which caused some plugins

2
debian/patches/00list vendored
View file

@ -8,4 +8,6 @@
26_implicit-basename.dpatch 26_implicit-basename.dpatch
27_check_radius_segfault.dpatch 27_check_radius_segfault.dpatch
28_configure_typo.dpatch 28_configure_typo.dpatch
CVE-2007-5198.dpatch
CVE-2007-5623.dpatch
50_misc_typos.dpatch 50_misc_typos.dpatch

143
debian/patches/CVE-2007-5198.dpatch vendored Normal file
View file

@ -0,0 +1,143 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## CVE-2007-5198.dpatch
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fixes CVE-2007-5198
@DPATCH@
diff -urNad nagios-plugins-1.4.8~/plugins/check_http.c nagios-plugins-1.4.8/plugins/check_http.c
--- nagios-plugins-1.4.8~/plugins/check_http.c 2007-03-06 23:45:57.000000000 +0100
+++ nagios-plugins-1.4.8/plugins/check_http.c 2007-10-28 16:25:01.000000000 +0100
@@ -53,7 +53,8 @@
enum {
MAX_IPV4_HOSTLENGTH = 255,
HTTP_PORT = 80,
- HTTPS_PORT = 443
+ HTTPS_PORT = 443,
+ MAX_PORT = 65535
};
#ifdef HAVE_SSL
@@ -148,7 +149,7 @@
if (display_html == TRUE)
printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">",
- use_ssl ? "https" : "http", host_name,
+ use_ssl ? "https" : "http", server_address,
server_port, server_url);
/* initialize alarm signal handling, set socket timeout, start timer */
@@ -1057,14 +1058,14 @@
/* per RFC 2396 */
#define HDR_LOCATION "%*[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]: "
-#define URI_HTTP "%[HTPShtps]://"
-#define URI_HOST "%[-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]"
-#define URI_PORT ":%[0123456789]"
+#define URI_HTTP "%5[HTPShtps]"
+#define URI_HOST "%255[-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]"
+#define URI_PORT "%6d" /* MAX_PORT's width is 5 chars, 6 to detect overflow */
#define URI_PATH "%[-_.!~*'();/?:@&=+$,%#abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]"
-#define HD1 URI_HTTP URI_HOST URI_PORT URI_PATH
-#define HD2 URI_HTTP URI_HOST URI_PATH
-#define HD3 URI_HTTP URI_HOST URI_PORT
-#define HD4 URI_HTTP URI_HOST
+#define HD1 URI_HTTP "://" URI_HOST ":" URI_PORT "/" URI_PATH
+#define HD2 URI_HTTP "://" URI_HOST "/" URI_PATH
+#define HD3 URI_HTTP "://" URI_HOST ":" URI_PORT
+#define HD4 URI_HTTP "://" URI_HOST
#define HD5 URI_PATH
void
@@ -1075,7 +1076,6 @@
char xx[2];
char type[6];
char *addr;
- char port[6];
char *url;
addr = malloc (MAX_IPV4_HOSTLENGTH + 1);
@@ -1087,7 +1087,7 @@
die (STATE_UNKNOWN, _("Could not allocate url\n"));
while (pos) {
- sscanf (pos, "%[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]:%n", xx, &i);
+ sscanf (pos, "%1[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]:%n", xx, &i);
if (i == 0) {
pos += (size_t) strcspn (pos, "\r\n");
pos += (size_t) strspn (pos, "\r\n");
@@ -1099,17 +1099,21 @@
}
pos += i;
- pos += strspn (pos, " \t\r\n");
+ pos += strspn (pos, " \t");
+ for (; (i = strspn (pos, "\r\n")); pos += i) {
+ pos += i;
+ if (!(i = strspn (pos, " \t"))) {
+ die (STATE_UNKNOWN, _("HTTP UNKNOWN - Empty redirect location%s\n"),display_html ? "</A>" : "");
+ }
+ }
- url = realloc (url, strcspn (pos, "\r\n"));
+ url = realloc (url, strcspn (pos, "\r\n")+ 1);
if (url == NULL)
die (STATE_UNKNOWN, _("could not allocate url\n"));
/* URI_HTTP, URI_HOST, URI_PORT, URI_PATH */
- if (sscanf (pos, HD1, type, addr, port, url) == 4) {
+ if (sscanf (pos, HD1, type, addr, &i, url) == 4)
use_ssl = server_type_check (type);
- i = atoi (port);
- }
/* URI_HTTP URI_HOST URI_PATH */
else if (sscanf (pos, HD2, type, addr, url) == 3 ) {
@@ -1118,10 +1122,9 @@
}
/* URI_HTTP URI_HOST URI_PORT */
- else if(sscanf (pos, HD3, type, addr, port) == 3) {
+ else if(sscanf (pos, HD3, type, addr, &i) == 3) {
strcpy (url, HTTP_URL);
use_ssl = server_type_check (type);
- i = atoi (port);
}
/* URI_HTTP URI_HOST */
@@ -1141,7 +1144,7 @@
}
i = server_port;
strcpy (type, server_type);
- strcpy (addr, host_name);
+ strcpy (addr, server_address);
}
else {
@@ -1167,7 +1170,6 @@
_("WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
type, addr, i, url, (display_html ? "</A>" : ""));
- server_port = i;
strcpy (server_type, type);
free (host_name);
@@ -1177,7 +1179,18 @@
server_address = strdup (addr);
free (server_url);
+ if ((url[0] == '/'))
server_url = strdup (url);
+ else if (asprintf(&server_url, "/%s", url) == -1)
+ die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate server_url%s\n"), display_html ? "</A>" : "");
+ free(url);
+
+ if ((server_port = i) > MAX_PORT)
+ die (STATE_UNKNOWN, _("HTTP UNKNOWN - Redirection to port above %d - %s://%s:%d%s%s\n"),
+ MAX_PORT, server_type, server_address, server_port, server_url, display_html ? "</A>" : "");
+
+ if (verbose)
+ printf ("Redirection to %s://%s:%d%s\n", server_type, server_address, server_port, server_url);
check_http ();
}

45
debian/patches/CVE-2007-5623.dpatch vendored Normal file
View file

@ -0,0 +1,45 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## CVE-2007-5623.dpatch by Nico Golde <nion@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad nagios-plugins-1.4.8~/plugins/check_snmp.c nagios-plugins-1.4.8/plugins/check_snmp.c
--- nagios-plugins-1.4.8~/plugins/check_snmp.c 2007-02-02 10:10:22.000000000 +0100
+++ nagios-plugins-1.4.8/plugins/check_snmp.c 2007-10-28 16:14:48.000000000 +0100
@@ -217,12 +217,16 @@
ptr = output;
- strcat(perfstr, "| ");
+ strncat(perfstr, "| ", sizeof(perfstr)-strlen(perfstr)-1);
while (ptr) {
char *foo;
+ unsigned int copylen;
foo = strstr (ptr, delimiter);
- strncat(perfstr, ptr, foo-ptr);
+ copylen = foo-ptr;
+ if (copylen > sizeof(perfstr)-strlen(perfstr)-1)
+ copylen = sizeof(perfstr)-strlen(perfstr)-1;
+ strncat(perfstr, ptr, copylen);
ptr = foo;
if (ptr == NULL)
@@ -351,11 +355,11 @@
i++;
- strcat(perfstr, "=");
- strcat(perfstr, show);
+ strncat(perfstr, "=", sizeof(perfstr)-strlen(perfstr)-1);
+ strncat(perfstr, show, sizeof(perfstr)-strlen(perfstr)-1);
if (type)
- strcat(perfstr, type);
- strcat(perfstr, " ");
+ strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
+ strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1);
} /* end while (ptr) */