diff options
Diffstat (limited to 'net-analyzer/zabbix/files/2.4/patches/zbx7479.patch')
-rw-r--r-- | net-analyzer/zabbix/files/2.4/patches/zbx7479.patch | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/net-analyzer/zabbix/files/2.4/patches/zbx7479.patch b/net-analyzer/zabbix/files/2.4/patches/zbx7479.patch new file mode 100644 index 0000000..79bb92f --- /dev/null +++ b/net-analyzer/zabbix/files/2.4/patches/zbx7479.patch @@ -0,0 +1,83 @@ +Index: src/libs/zbxsysinfo/sysinfo.c +=================================================================== +--- src/libs/zbxsysinfo/sysinfo.c (revision 40348) ++++ src/libs/zbxsysinfo/sysinfo.c (working copy) +@@ -427,13 +427,49 @@ + test_aliases(); + } + ++static int zbx_check_user_parameter(const char *param, char *error, int max_error_len) ++{ ++ const char suppressed_chars[] = "\\'\"`*?[]{}~$!&;()<>|#@\n", *c; ++ char *buf = NULL; ++ size_t buf_alloc = 128, buf_offset = 0; ++ ++ if (0 != CONFIG_UNSAFE_USER_PARAMETERS) ++ return SUCCEED; ++ ++ for (c = suppressed_chars; '\0' != *c; c++) ++ { ++ if (NULL == strchr(param, *c)) ++ continue; ++ ++ buf = zbx_malloc(buf, buf_alloc); ++ ++ for (c = suppressed_chars; '\0' != *c; c++) ++ { ++ if (c != suppressed_chars) ++ zbx_strcpy_alloc(&buf, &buf_alloc, &buf_offset, ", "); ++ ++ if (0 != isprint(*c)) ++ zbx_chrcpy_alloc(&buf, &buf_alloc, &buf_offset, *c); ++ else ++ zbx_snprintf_alloc(&buf, &buf_alloc, &buf_offset, "0x%02x", *c); ++ } ++ ++ zbx_snprintf(error, max_error_len, "special characters \"%s\" are not allowed in the parameters", buf); ++ ++ zbx_free(buf); ++ ++ return FAIL; ++ } ++ ++ return SUCCEED; ++} ++ + static int replace_param(const char *cmd, const char *param, char *out, int outlen, char *error, int max_error_len) + { + int ret = SUCCEED; + char buf[MAX_STRING_LEN]; + char command[MAX_STRING_LEN]; + char *pl, *pr; +- const char suppressed_chars[] = "\\'\"`*?[]{}~$!&;()<>|#@", *c; + + assert(out); + +@@ -465,25 +501,10 @@ + { + get_param(param, (int)(pr[1] - '0'), buf, sizeof(buf)); + +- if (0 == CONFIG_UNSAFE_USER_PARAMETERS) +- { +- for (c = suppressed_chars; '\0' != *c; c++) +- { +- if (NULL != strchr(buf, *c)) +- { +- zbx_snprintf(error, max_error_len, "Special characters '%s'" +- " are not allowed in the parameters", +- suppressed_chars); +- ret = FAIL; +- break; +- } +- } +- } ++ if (SUCCEED != (ret = zbx_check_user_parameter(buf, error, max_error_len))) ++ break; + } + +- if (FAIL == ret) +- break; +- + zbx_strlcat(out, buf, outlen); + outlen -= MIN((int)strlen(buf), (int)outlen); + |