diff options
| author |   Tobias Scherbaum <dertobi123@gentoo.org> | 2007-10-29 19:51:35 +0000 |
|---|---|---|
| committer | Tobias Scherbaum <dertobi123@gentoo.org> | 2007-10-29 19:51:35 +0000 |
| commit | 4f938db4bf8722553c7247692f275016038d6dfe (patch) | |
| tree | 037f26b1a1674682f0655cba39013a1905e34e3b /net-analyzer/nagios-plugins/files | |
| parent | Sparc stable --- Bug #196608 --- developer request. (diff) | |
| download | gentoo-2-4f938db4bf8722553c7247692f275016038d6dfe.tar.gz gentoo-2-4f938db4bf8722553c7247692f275016038d6dfe.tar.bz2 gentoo-2-4f938db4bf8722553c7247692f275016038d6dfe.zip | |
Revbump, fixes for CVE-2007-5623 and CVE-2007-5198
(Portage version: 2.1.3.16)
Diffstat (limited to 'net-analyzer/nagios-plugins/files')
3 files changed, 51 insertions, 0 deletions
diff --git a/net-analyzer/nagios-plugins/files/CVE-2007-5623.patch b/net-analyzer/nagios-plugins/files/CVE-2007-5623.patch new file mode 100644 index 000000000000..6fc954038f6e --- /dev/null +++ b/net-analyzer/nagios-plugins/files/CVE-2007-5623.patch @@ -0,0 +1,37 @@ +--- plugins/check_snmp.c.old 2007-05-29 07:22:32.000000000 +0200 ++++ plugins/check_snmp.c 2007-10-17 22:08:49.000000000 +0200 +@@ -219,12 +219,16 @@ main (int argc, char **argv) + + ptr = output; + +- strcat(perfstr, "| "); ++ strncat(perfstr, "| ", sizeof(perfstr)-strlen(perfstr)-1); + while (ptr) { + char *foo; ++ unsigned int copylen; + + foo = strstr (ptr, delimiter); +- strncat(perfstr, ptr, foo-ptr); ++ copylen = foo-ptr; ++ if (copylen > sizeof(perfstr)-strlen(perfstr)-1) ++ copylen = sizeof(perfstr)-strlen(perfstr)-1; ++ strncat(perfstr, ptr, copylen); + ptr = foo; + + if (ptr == NULL) +@@ -357,11 +361,11 @@ main (int argc, char **argv) + + i++; + +- strcat(perfstr, "="); +- strcat(perfstr, show); ++ strncat(perfstr, "=", sizeof(perfstr)-strlen(perfstr)-1); ++ strncat(perfstr, show, sizeof(perfstr)-strlen(perfstr)-1); + if (type) +- strcat(perfstr, type); +- strcat(perfstr, " "); ++ strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1); ++ strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1); + + } /* end while (ptr) */ + diff --git a/net-analyzer/nagios-plugins/files/digest-nagios-plugins-1.4.10-r1 b/net-analyzer/nagios-plugins/files/digest-nagios-plugins-1.4.10-r1 new file mode 100644 index 000000000000..b5e8d8d88381 --- /dev/null +++ b/net-analyzer/nagios-plugins/files/digest-nagios-plugins-1.4.10-r1 @@ -0,0 +1,3 @@ +MD5 c67841223864ae1626ab2adb2f0b4c9d nagios-plugins-1.4.10.tar.gz 1693979 +RMD160 8f8167f07d6162165d7cb38c9c09ebff418151bd nagios-plugins-1.4.10.tar.gz 1693979 +SHA256 193ef480cd2b98d63de9183a83e277d6ef3b55032f44bd76616ef5e7a3d4a76e nagios-plugins-1.4.10.tar.gz 1693979 diff --git a/net-analyzer/nagios-plugins/files/nagios-plugins-1.4.10-check_http.patch b/net-analyzer/nagios-plugins/files/nagios-plugins-1.4.10-check_http.patch new file mode 100644 index 000000000000..d128581337f9 --- /dev/null +++ b/net-analyzer/nagios-plugins/files/nagios-plugins-1.4.10-check_http.patch @@ -0,0 +1,11 @@ +--- plugins/check_http.c.old 2007-07-21 18:29:01.000000000 +0200 ++++ plugins/check_http.c 2007-10-14 22:05:26.000000000 +0200 +@@ -1092,7 +1092,7 @@ redir (char *pos, char *status_line) + die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate url\n")); + + while (pos) { +- sscanf (pos, "%[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]:%n", xx, &i); ++ sscanf (pos, "%1[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]:%n", xx, &i); + if (i == 0) { + pos += (size_t) strcspn (pos, "\r\n"); + pos += (size_t) strspn (pos, "\r\n"); |