Red Hat Bugzilla – Attachment 305353 Details for
Bug 437849
CVE-2008-1360 nagios cross site scripting
[patch]
SuSE patch
nagios-2.9-CVE-2008-1360.diff (text/plain), 6.61 KB, created by
Tomas Hoger
on 2008-05-14 12:22:20 UTC
Description:
SuSE patch
Filename:
MIME Type:
Creator:
Tomas Hoger
Created:
2008-05-14 12:22:20 UTC
Size:
6.61 KB
patch
obsolete
>From d945d77a30c251ac02419823ec9ecfd05436c27a Mon Sep 17 00:00:00 2001
>From: Ludwig Nussel <ludwig.nussel@suse.de>
>Date: Wed, 9 Apr 2008 16:09:44 +0200
>Subject: [PATCH] CVE-2008-1360
> PatchSet 899
> HTML-escaped plugin output in CGIs
>
>Conflicts:
>
> cgi/cmd.c
> cgi/statuswml.c
>---
> cgi/cgiutils.c | 9 ---------
> cgi/extinfo.c | 4 ++--
> cgi/history.c | 2 +-
> cgi/notifications.c | 2 +-
> cgi/showlog.c | 2 +-
> cgi/status.c | 4 ++--
> include/cgiutils.h.in | 1 -
> 7 files changed, 7 insertions(+), 17 deletions(-)
>
>diff --git a/cgi/cgiutils.c b/cgi/cgiutils.c
>index b17f91a..ae187f0 100644
>--- a/cgi/cgiutils.c
>+++ b/cgi/cgiutils.c
>@@ -1414,15 +1414,6 @@ char * html_encode(char *input){
>
>
>
>-/* strips dangerous HTML from plugin output */
>-char * strip_plugin_html(char *input){
>-
>- /* TODO */
>-
>- return input;
>- }
>-
>-
>
> /* determines the log file we should use (from current time) */
> void get_log_archive_to_use(int archive,char *buffer,int buffer_length){
>diff --git a/cgi/extinfo.c b/cgi/extinfo.c
>index 7ddc451..a58399b 100644
>--- a/cgi/extinfo.c
>+++ b/cgi/extinfo.c
>@@ -995,7 +995,7 @@ void show_host_info(void){
>
> printf("<TR><TD CLASS='dataVar'>Host Status:</td><td CLASS='dataVal'><DIV CLASS='%s'> %s %s </DIV></td></tr>\n",bg_class,state_string,(temp_hoststatus->problem_has_been_acknowledged==TRUE)?"(Has been acknowledged)":"");
>
>- printf("<TR><TD CLASS='dataVar'>Status Information:</td><td CLASS='dataVal'>%s</td></tr>\n",(temp_hoststatus->plugin_output==NULL)?"":strip_plugin_html(temp_hoststatus->plugin_output));
>+ printf("<TR><TD CLASS='dataVar'>Status Information:</td><td CLASS='dataVal'>%s</td></tr>\n",(temp_hoststatus->plugin_output==NULL)?"":html_encode(temp_hoststatus->plugin_output));
>
> printf("<TR><TD CLASS='dataVar'>Performance Data:</td><td CLASS='dataVal'>%s</td></tr>\n",(temp_hoststatus->perf_data==NULL)?"":html_encode(temp_hoststatus->perf_data));
>
>@@ -1305,7 +1305,7 @@ void show_service_info(void){
> }
> printf("<TR><TD CLASS='dataVar'>Current Status:</TD><TD CLASS='dataVal'><DIV CLASS='%s'> %s %s </DIV></TD></TR>\n",bg_class,state_string,(temp_svcstatus->problem_has_been_acknowledged==TRUE)?"(Has been acknowledged)":"");
>
>- printf("<TR><TD CLASS='dataVar'>Status Information:</TD><TD CLASS='dataVal'>%s</TD></TR>\n",(temp_svcstatus->plugin_output==NULL)?"":strip_plugin_html(temp_svcstatus->plugin_output));
>+ printf("<TR><TD CLASS='dataVar'>Status Information:</TD><TD CLASS='dataVal'>%s</TD></TR>\n",(temp_svcstatus->plugin_output==NULL)?"":html_encode(temp_svcstatus->plugin_output));
>
> printf("<TR><TD CLASS='dataVar'>Performance Data:</td><td CLASS='dataVal'>%s</td></tr>\n",(temp_svcstatus->perf_data==NULL)?"":html_encode(temp_svcstatus->perf_data));
>
>diff --git a/cgi/history.c b/cgi/history.c
>index 3758a41..71dc485 100644
>--- a/cgi/history.c
>+++ b/cgi/history.c
>@@ -901,7 +901,7 @@ void get_history(void){
>
> if(display_frills==TRUE)
> printf("<img align='left' src='%s%s' alt='%s' title='%s'>",url_images_path,image,image_alt,image_alt);
>- printf("[%s] %s<br clear='all'>\n",date_time,strip_plugin_html(temp_buffer));
>+ printf("[%s] %s<br clear='all'>\n",date_time,html_encode(temp_buffer));
> found_line=TRUE;
> }
> }
>diff --git a/cgi/notifications.c b/cgi/notifications.c
>index 0fe07bd..13b3b4f 100644
>--- a/cgi/notifications.c
>+++ b/cgi/notifications.c
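Review bot: The `Status Information` cells switched to html_encode in this patch cover cgi/extinfo.c, history.c, notifications.c, showlog.c and status.c, but the header's Conflicts list names cgi/cmd.c and cgi/statuswml.c and the diffstat touches neither, so whatever plugin output those two CGIs render is presumably not covered by this backport. With strip_plugin_html removed from cgi/cgiutils.c and its prototype dropped from include/cgiutils.h.in, a leftover call in either file would at least surface as an implicit-declaration warning, but a raw `%s` of plugin_output would not. Worth confirming both files before this ships, or stating in the description why they were left out. show_host_info continues outside the hunk.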
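Review bot: `html_encode(temp_buffer)` on the added line has no NULL guard, while the otherwise identical line in the cgi/showlog.c hunk below writes `(temp_buffer==NULL)?"":html_encode(temp_buffer)`; the added line in cgi/notifications.c has the same gap. The removed stub handed its argument straight back, but html_encode presumably walks the string, so a NULL temp_buffer that previously reached printf as a null argument would now be dereferenced inside html_encode. If temp_buffer is known non-NULL at this point, a one-line comment saying so would settle it; otherwise mirror showlog.c: `printf("[%s] %s<br clear='all'>\n",date_time,(temp_buffer==NULL)?"":html_encode(temp_buffer));`. get_history continues outside the hunk.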
>@@ -714,7 +714,7 @@ void display_notifications(void){
> printf("<td CLASS='notifications%s'>%s</td>\n",(odd)?"Even":"Odd",date_time);
> printf("<td CLASS='notifications%s'><a href='%s?type=contacts#%s'>%s</a></td>\n",(odd)?"Even":"Odd",CONFIG_CGI,url_encode(contact_name),contact_name);
> printf("<td CLASS='notifications%s'><a href='%s?type=commands#%s'>%s</a></td>\n",(odd)?"Even":"Odd",CONFIG_CGI,url_encode(method_name),method_name);
>- printf("<td CLASS='notifications%s'>%s</td>\n",(odd)?"Even":"Odd",strip_plugin_html(temp_buffer));
>+ printf("<td CLASS='notifications%s'>%s</td>\n",(odd)?"Even":"Odd",html_encode(temp_buffer));
> printf("</tr>\n");
> }
> }
>diff --git a/cgi/showlog.c b/cgi/showlog.c
>index 78337f0..ca666df 100644
>--- a/cgi/showlog.c
>+++ b/cgi/showlog.c
>@@ -513,7 +513,7 @@ int display_log(void){
>
> if(display_frills==TRUE)
> printf("<img align='left' src='%s%s' alt='%s' title='%s'>",url_images_path,image,image_alt,image_alt);
>- printf("[%s] %s<br clear='all'>\n",date_time,(temp_buffer==NULL)?"":strip_plugin_html(temp_buffer));
>+ printf("[%s] %s<br clear='all'>\n",date_time,(temp_buffer==NULL)?"":html_encode(temp_buffer));
> }
>
> printf("</DIV></P>\n");
>diff --git a/cgi/status.c b/cgi/status.c
>index c357599..9b7188b 100644
>--- a/cgi/status.c
>+++ b/cgi/status.c
>@@ -1729,7 +1729,7 @@ void show_service_detail(void){
> printf("<TD CLASS='status%s' nowrap>%s</TD>\n",status_bg_class,date_time);
> printf("<TD CLASS='status%s' nowrap>%s</TD>\n",status_bg_class,state_duration);
> printf("<TD CLASS='status%s'>%d/%d</TD>\n",status_bg_class,temp_status->current_attempt,temp_status->max_attempts);
>- printf("<TD CLASS='status%s'>%s </TD>\n",status_bg_class,(temp_status->plugin_output==NULL)?"":strip_plugin_html(temp_status->plugin_output));
>+ printf("<TD CLASS='status%s'>%s </TD>\n",status_bg_class,(temp_status->plugin_output==NULL)?"":html_encode(temp_status->plugin_output));
>
> printf("</TR>\n");
>
>@@ -2113,7 +2113,7 @@ void show_host_detail(void){
> printf("<TD CLASS='status%s'>%s</TD>\n",status_class,status);
> printf("<TD CLASS='status%s' nowrap>%s</TD>\n",status_bg_class,date_time);
> printf("<TD CLASS='status%s' nowrap>%s</TD>\n",status_bg_class,state_duration);
>- printf("<TD CLASS='status%s'>%s </TD>\n",status_bg_class,(temp_status->plugin_output==NULL)?"":strip_plugin_html(temp_status->plugin_output));
>+ printf("<TD CLASS='status%s'>%s </TD>\n",status_bg_class,(temp_status->plugin_output==NULL)?"":html_encode(temp_status->plugin_output));
>
> printf("</TR>\n");
> }
>diff --git a/include/cgiutils.h.in b/include/cgiutils.h.in
>index 1a9fee0..46daf6c 100644
>--- a/include/cgiutils.h.in
>+++ b/include/cgiutils.h.in
>@@ -470,7 +470,6 @@ char * my_strsep (char **, const char *);
>
> char * url_encode(char *); /* encodes a string in proper URL format */
> char * html_encode(char *); /* encodes a string in HTML format (for what the user sees) */
>-char * strip_plugin_html(char *); /* strips dangerous HTML from plugin output */
>
> void get_time_breakdown(unsigned long,int *,int *,int *,int *); /* given total seconds, get days, hours, minutes, seconds */
>
>--
>1.5.3.4
>