From owner-svn-ports-head@FreeBSD.ORG Fri Jan 11 07:42:35 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 07FE8B65; Fri, 11 Jan 2013 07:42:35 +0000 (UTC) (envelope-from rm@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id D314074C; Fri, 11 Jan 2013 07:42:34 +0000 (UTC) Received: from svn.freebsd.org (svn.FreeBSD.org [8.8.178.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r0B7gYun016007; Fri, 11 Jan 2013 07:42:34 GMT (envelope-from rm@svn.freebsd.org) Received: (from rm@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r0B7gYCG016005; Fri, 11 Jan 2013 07:42:34 GMT (envelope-from rm@svn.freebsd.org) Message-Id: <201301110742.r0B7gYCG016005@svn.freebsd.org> 
From: Ruslan Mahmatkhanov Date: Fri, 11 Jan 2013 07:42:34 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r310219 - in head/net-mgmt/nagios: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Jan 2013 07:42:35 -0000 Author: rm Date: Fri Jan 11 07:42:34 2013 New Revision: 310219 URL: http://svnweb.freebsd.org/changeset/ports/310219 Log: - add upstream patch for CVE-2012-6096 PR: 175196 Submitted by: Jarrod Sayers (maintainer) Security: 97c22a94-5b8b-11e2-b131-000c299b62e1 Added: head/net-mgmt/nagios/files/patch-CVE-2012-6096 (contents, props changed) Modified: head/net-mgmt/nagios/Makefile (contents, props changed) Modified: head/net-mgmt/nagios/Makefile ==============================================================================
--- head/net-mgmt/nagios/Makefile Fri Jan 11 07:18:27 2013 (r310218)
+++ head/net-mgmt/nagios/Makefile Fri Jan 11 07:42:34 2013 (r310219)
@@ -3,6 +3,7 @@
 PORTNAME= nagios
 PORTVERSION= 3.4.3
+PORTREVISION= 1
 CATEGORIES= net-mgmt
 MASTER_SITES= SF/${PORTNAME}/${PORTNAME}-3.x/${PORTNAME}-${PORTVERSION}
Added: head/net-mgmt/nagios/files/patch-CVE-2012-6096 ==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net-mgmt/nagios/files/patch-CVE-2012-6096 Fri Jan 11 07:42:34 2013 (r310219)
@@ -0,0 +1,117 @@
+--- cgi/getcgi.c.orig 2011-08-17 17:06:27.000000000 +0930
++++ cgi/getcgi.c 2013-01-11 17:02:53.000000000 +1030
+@@ -137,14 +137,15 @@
+ /* check for NULL query string environment variable - 04/28/00 (Ludo Bosmans) */
+ if(getenv("QUERY_STRING") == NULL) {
+ cgiinput = (char *)malloc(1);
+- if(cgiinput == NULL) {
+- printf("getcgivars(): Could not allocate memory for CGI input.\n");
+- exit(1);
+- }
+- cgiinput[0] = '\x0';
++ if(cgiinput != NULL)
++ cgiinput[0] = '\x0';
+ }
+ else
+ cgiinput = strdup(getenv("QUERY_STRING"));
++ if(cgiinput == NULL) {
++ printf("getcgivars(): Could not allocate memory for CGI input.\n");
++ exit(1);
++ }
+ }
+
+ else if(!strcmp(request_method, "POST") || !strcmp(request_method, "PUT")) {
+@@ -220,7 +221,12 @@
+ paircount = 0;
+ nvpair = strtok(cgiinput, "&");
+ while(nvpair) {
+- pairlist[paircount++] = strdup(nvpair);
++ pairlist[paircount] = strdup(nvpair);
++ if( NULL == pairlist[paircount]) {
++ printf("getcgivars(): Could not allocate memory for name-value pair #%d.\n", paircount);
++ exit(1);
++ }
++ paircount++;
+ if(!(paircount % 256)) {
+ pairlist = (char **)realloc(pairlist, (paircount + 256) * sizeof(char **));
+ if(pairlist == NULL) {
+@@ -245,13 +251,29 @@
+ /* get the variable name preceding the equal (=) sign */
+ if((eqpos = strchr(pairlist[i], '=')) != NULL) {
+ *eqpos = '\0';
+- unescape_cgi_input(cgivars[i * 2 + 1] = strdup(eqpos + 1));
++ cgivars[i * 2 + 1] = strdup(eqpos + 1);
++ if( NULL == cgivars[ i * 2 + 1]) {
++ printf("getcgivars(): Could not allocate memory for cgi value #%d.\n", i);
++ exit(1);
++ }
++ unescape_cgi_input(cgivars[i * 2 + 1]);
++ }
++ else {
++ cgivars[i * 2 + 1] = strdup("");
++ if( NULL == cgivars[ i * 2 + 1]) {
++ printf("getcgivars(): Could not allocate memory for empty stringfor variable value #%d.\n", i);
++ exit(1);
++ }
++ unescape_cgi_input(cgivars[i * 2 + 1]);
+ }
+- else
+- unescape_cgi_input(cgivars[i * 2 + 1] = strdup(""));
+
+ /* get the variable value (or name/value of there was no real "pair" in the first place) */
+- unescape_cgi_input(cgivars[i * 2] = strdup(pairlist[i]));
++ cgivars[i * 2] = strdup(pairlist[i]);
++ if( NULL == cgivars[ i * 2]) {
++ printf("getcgivars(): Could not allocate memory for cgi name #%d.\n", i);
++ exit(1);
++ }
++ unescape_cgi_input(cgivars[i * 2]);
+ }
+
+ /* terminate the name-value list */
+--- cgi/history.c.orig 2011-08-17 17:06:27.000000000 +0930
++++ cgi/history.c 2013-01-11 17:03:18.000000000 +1030
+@@ -805,16 +805,22 @@
+ else if(display_type == DISPLAY_HOSTS) {
+
+ if(history_type == HOST_HISTORY || history_type == SERVICE_HISTORY) {
+- sprintf(match1, " HOST ALERT: %s;", host_name);
+- sprintf(match2, " SERVICE ALERT: %s;", host_name);
++ snprintf(match1, sizeof( match1),
++ " HOST ALERT: %s;", host_name);
++ snprintf(match2, sizeof( match2),
++ " SERVICE ALERT: %s;", host_name);
+ }
+ else if(history_type == HOST_FLAPPING_HISTORY || history_type == SERVICE_FLAPPING_HISTORY) {
+- sprintf(match1, " HOST FLAPPING ALERT: %s;", host_name);
+- sprintf(match2, " SERVICE FLAPPING ALERT: %s;", host_name);
++ snprintf(match1, sizeof( match1),
++ " HOST FLAPPING ALERT: %s;", host_name);
++ snprintf(match2, sizeof( match2),
++ " SERVICE FLAPPING ALERT: %s;", host_name);
+ }
+ else if(history_type == HOST_DOWNTIME_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY) {
+- sprintf(match1, " HOST DOWNTIME ALERT: %s;", host_name);
+- sprintf(match2, " SERVICE DOWNTIME ALERT: %s;", host_name);
++ snprintf(match1, sizeof( match1),
++ " HOST DOWNTIME ALERT: %s;", host_name);
++ snprintf(match2, sizeof( match2),
++ " SERVICE DOWNTIME ALERT: %s;", host_name);
+ }
+
+ if(show_all_hosts == TRUE)
+@@ -853,11 +859,11 @@
+ else if(display_type == DISPLAY_SERVICES) {
+
+ if(history_type == SERVICE_HISTORY)
+- sprintf(match1, " SERVICE ALERT: %s;%s;", host_name, svc_description);
++ snprintf(match1, sizeof( match1), " SERVICE ALERT: %s;%s;", host_name, svc_description);
+ else if(history_type == SERVICE_FLAPPING_HISTORY)
+- sprintf(match1, " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description);
++ snprintf(match1, sizeof( match1), " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description);
+ else if(history_type == SERVICE_DOWNTIME_HISTORY)
+- sprintf(match1, " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description);
++ snprintf(match1, sizeof( match1), " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description);
+
+ if(strstr(temp_buffer, match1) && (history_type == SERVICE_HISTORY || history_type == SERVICE_FLAPPING_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY))
+ display_line = TRUE;
\ No newline at end of file
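Review bot: The snprintf() calls added to cgi/history.c, in both the DISPLAY_HOSTS and DISPLAY_SERVICES hunks, bound the write but discard the return value, so an over-long host_name or svc_description is silently truncated; the truncated pattern loses its trailing `;`, and the later `strstr(temp_buffer, match1)` then matches any log line that shares the same prefix. Capture the result and treat truncation as no match, e.g. `n = snprintf(match1, sizeof(match1), " SERVICE ALERT: %s;%s;", host_name, svc_description);` followed by `if(n < 0 || (size_t)n >= sizeof(match1))` leading to whatever skip or reject path the enclosing function uses, which is outside the hunk. `sizeof(match1)` is the buffer size only if match1 and match2 are declared as arrays; their declarations are not visible here, so that should be confirmed. The new message in cgi/getcgi.c also reads `empty stringfor variable value`, which is missing a space.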