sync with latest security upload

2008-02-14 17:52:58 +00:00 · 2008-02-14 17:52:58 +00:00 · 9b4a8d00a1
parent da7f7826b0
commit 9b4a8d00a1
5 changed files with 165 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,9 @@
+nagios-plugins (1.4-6sarge1) oldstable-security; urgency=high
+
+  * Fix CVE-2007-5198
+
+ -- Moritz Muehlenhoff <jmm@debian.org>  Tue,  5 Feb 2008 23:03:23 +0000
+
 nagios-plugins (1.4-6) unstable; urgency=low

  * Build-Depend on the *correct* libmysqlclient-dev
--- a/debian/patches/00list
+++ b/debian/patches/00list
@ -2,3 +2,4 @@
 06_checkircd
 08_subst
 09_pssyntax
+10_CVE-2007-5198
--- a/debian/patches/10_CVE-2007-5198.dpatch
+++ b/debian/patches/10_CVE-2007-5198.dpatch
@ -0,0 +1,144 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 10_CVE-2007-5198
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -aur nagios-plugins-1.4.orig/plugins/check_http.c nagios-plugins-1.4/plugins/check_http.c
+--- nagios-plugins-1.4.orig/plugins/check_http.c	2005-01-21 00:40:30.000000000 +0100
+++ nagios-plugins-1.4/plugins/check_http.c	2007-12-14 15:26:02.000000000 +0100
+@@ -34,7 +34,8 @@
+ enum {
+ 	MAX_IPV4_HOSTLENGTH = 255,
+ 	HTTP_PORT = 80,
+-	HTTPS_PORT = 443
+	HTTPS_PORT = 443,
+	MAX_PORT = 65535
+ };
+ 
+ #ifdef HAVE_SSL_H
+@@ -158,7 +159,7 @@
+ 
+ 	if (display_html == TRUE)
+ 		printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">", 
+-			use_ssl ? "https" : "http", host_name,
+      use_ssl ? "https" : "http", server_address,
+ 			server_port, server_url);
+ 
+ 	/* initialize alarm signal handling, set socket timeout, start timer */
+@@ -1098,14 +1099,14 @@
+ 
+ /* per RFC 2396 */
+ #define HDR_LOCATION "%*[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]: "
+-#define URI_HTTP "%[HTPShtps]://"
+-#define URI_HOST "%[-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]"
+-#define URI_PORT ":%[0123456789]"
+#define URI_HTTP "%5[HTPShtps]"
+#define URI_HOST "%255[-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]"
+#define URI_PORT "%6d" /* MAX_PORT's width is 5 chars, 6 to detect overflow */
+ #define URI_PATH "%[-_.!~*'();/?:@&=+$,%#abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]"
+-#define HD1 URI_HTTP URI_HOST URI_PORT URI_PATH
+-#define HD2 URI_HTTP URI_HOST URI_PATH
+-#define HD3 URI_HTTP URI_HOST URI_PORT
+-#define HD4 URI_HTTP URI_HOST
+#define HD1 URI_HTTP "://" URI_HOST ":" URI_PORT "/" URI_PATH
+#define HD2 URI_HTTP "://" URI_HOST "/" URI_PATH
+#define HD3 URI_HTTP "://" URI_HOST ":" URI_PORT
+#define HD4 URI_HTTP "://" URI_HOST
+ #define HD5 URI_PATH
+ 
+ void
+@@ -1116,7 +1117,6 @@
+ 	char xx[2];
+ 	char type[6];
+ 	char *addr;
+-	char port[6];
+ 	char *url;
+ 
+ 	addr = malloc (MAX_IPV4_HOSTLENGTH + 1);
+@@ -1129,7 +1129,7 @@
+ 
+ 	while (pos) {
+ 
+-		if (sscanf (pos, "%[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]:%n", xx, &i) < 1) {
+		if (sscanf (pos, "%1[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]:%n", xx, &i) < 1) {
+ 
+ 			pos += (size_t) strcspn (pos, "\r\n");
+ 			pos += (size_t) strspn (pos, "\r\n");
+@@ -1141,17 +1141,21 @@
+ 		}
+ 
+ 		pos += i;
+-		pos += strspn (pos, " \t\r\n");
+    pos += strspn (pos, " \t");
+    for (; (i = strspn (pos, "\r\n")); pos += i) {
+      pos += i;
+      if (!(i = strspn (pos, " \t"))) {
+	die (STATE_UNKNOWN, _("HTTP UNKNOWN - Empty redirect location%s\n"),display_html ? "</A>" : "");
+	}
+    }
+ 
+-		url = realloc (url, strcspn (pos, "\r\n"));
+    url = realloc (url, strcspn (pos, "\r\n")+ 1);
+ 		if (url == NULL)
+ 			die (STATE_UNKNOWN, _("could not allocate url\n"));
+ 
+ 		/* URI_HTTP, URI_HOST, URI_PORT, URI_PATH */
+-		if (sscanf (pos, HD1, type, addr, port, url) == 4) {
+    if (sscanf (pos, HD1, type, addr, &i, url) == 4)    
+ 			use_ssl = server_type_check (type);
+-			i = atoi (port);
+-		}
+ 
+ 		/* URI_HTTP URI_HOST URI_PATH */
+ 		else if (sscanf (pos, HD2, type, addr, url) == 3 ) { 
+@@ -1160,10 +1164,9 @@
+ 		}
+ 
+ 		/* URI_HTTP URI_HOST URI_PORT */
+-		else if(sscanf (pos, HD3, type, addr, port) == 3) {
+    else if(sscanf (pos, HD3, type, addr, &i) == 3) {    
+ 			strcpy (url, HTTP_URL);
+ 			use_ssl = server_type_check (type);
+-			i = atoi (port);
+ 		}
+ 
+ 		/* URI_HTTP URI_HOST */
+@@ -1183,7 +1186,7 @@
+ 			}
+ 			i = server_port;
+ 			strcpy (type, server_type);
+-			strcpy (addr, host_name);
+      strcpy (addr, server_address);
+ 		} 					
+ 
+ 		else {
+@@ -1209,7 +1212,6 @@
+ 		     _("WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
+ 		     type, addr, i, url, (display_html ? "</A>" : ""));
+ 
+-	server_port = i;
+ 	strcpy (server_type, type);
+ 
+ 	free (host_name);
+@@ -1219,7 +1221,18 @@
+ 	server_address = strdup (addr);
+ 
+ 	free (server_url);
+  if ((url[0] == '/'))
+ 	server_url = strdup (url);
+  else if (asprintf(&server_url, "/%s", url) == -1)
+      die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate server_url%s\n"), display_html ? "</A>" : "");
+      free(url);
+      
+      if ((server_port = i) > MAX_PORT)
+          die (STATE_UNKNOWN, _("HTTP UNKNOWN - Redirection to port above %d - %s://%s:%d%s%s\n"),
+               MAX_PORT, server_type, server_address, server_port, server_url, display_html ? "</A>" : "");
+      
+      if (verbose)
+          printf ("Redirection to %s://%s:%d%s\n", server_type, server_address, server_port, server_url);
+ 
+ 	check_http ();
+ }
+
--- a/pkg/solaris/.cvsignore
+++ b/pkg/solaris/.cvsignore
@ -0,0 +1,2 @@
+.cvsignore
+pkginfo
--- a/pkg/solaris/pkginfo
+++ b/pkg/solaris/pkginfo
@ -0,0 +1,12 @@
+PKG="NAGplugin"
+NAME="nagios-plugins"
+DESC="Nagios network monitoring plugins"
+ARCH="powerpc"
+VERSION="1.4,REV=2005.02.04.00.49"
+CATEGORY="application"
+VENDOR="Nagios Plugin Development Team"
+EMAIL="nagiosplug-devel@lists.sourceforge.net"
+PSTAMP="nag20050204004941"
+BASEDIR="/"
+CLASSES="none"
+