main/nagios: security fix for CVE-2013-7108, CVE-2013-7205

fixes #2621
author: Natanael Copa <ncopa@alpinelinux.org> 2014-02-05 09:01:55 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2014-04-17 08:45:33 +0000
commit: bc591804416645cfa8daae8a4d4ab036ba72a402 (patch)
tree: 007fba1b8040a99dae6662caafbc408db14facb3 /main/nagios
parent: 6499c73a4c09c49fabf2c744656defc5b0f7aa96 (diff)
download: aports-bc591804416645cfa8daae8a4d4ab036ba72a402.tar.bz2
aports-bc591804416645cfa8daae8a4d4ab036ba72a402.tar.xz
2 files changed, 212 insertions, 5 deletions
diff --git a/main/nagios/APKBUILD b/main/nagios/APKBUILD
index e07a0f6496..5686299a89 100644
--- a/main/nagios/APKBUILD
+++ b/main/nagios/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Carlo Landmeter <clandmeter@gmail.com>
 pkgname=nagios
 pkgver=3.5.0
-pkgrel=0
+pkgrel=1
 pkgdesc="Popular monitoring tool"
 url="http://www.nagios.org/"
 arch="all"
@@ -13,13 +13,24 @@ makedepends="gd-dev pkgconfig perl-dev libpng-dev libjpeg perl-net-snmp"
 source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
 	nagios.confd
 	nagios.initd
-	lighttpd-nagios.conf"
+	lighttpd-nagios.conf
+	CVE-2013-7108-CVE-2013-7205.patch
+	"
 subpackages="${pkgname}-web"
 pkgusers="nagios"
 pkggroups="nagios"
 
 _builddir="$srcdir/$pkgname"
 
+prepare() {
+	cd "$_builddir"
+	for i in $source; do
+		case $i in
+		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+		esac
+	done
+}
+
 build() {
 	cd "$_builddir"
 	./configure --prefix=/usr \
@@ -62,12 +73,15 @@ web() {
 md5sums="aeef195d2033cc362bf6cb972bcc8f07  nagios-3.5.0.tar.gz
 431dfe7403323e247a88b97beade5d78  nagios.confd
 2ead8695b32222abe922692664aa9de1  nagios.initd
-d63c36f47d26f1f71ae2faf272eec640  lighttpd-nagios.conf"
+d63c36f47d26f1f71ae2faf272eec640  lighttpd-nagios.conf
+b095b0e14de61a956af41c6969675e35  CVE-2013-7108-CVE-2013-7205.patch"
 sha256sums="469381b2954392689c85d3db733e8da4bd43b806b3d661d1a7fbd52dacc084db  nagios-3.5.0.tar.gz
 cfd075243bfca803f4aa254022a0a40cd4180fb4d433e16333b74e7bcef8cf0b  nagios.confd
 e287556e9c73faf60f988a75866119596352e4fb8fe132a887f45f2930a6ae46  nagios.initd
-dba2583022f8d0e6c9457d3cb333f3ce872b9f1c11075bc69fccdf1bbb0e6083  lighttpd-nagios.conf"
+dba2583022f8d0e6c9457d3cb333f3ce872b9f1c11075bc69fccdf1bbb0e6083  lighttpd-nagios.conf
+5c7d1bd5d64a3a4ac9e27e97063462e00b4c60478279f97abe2390f91ebc1ce3  CVE-2013-7108-CVE-2013-7205.patch"
 sha512sums="80f79b85b286dcd4153bff134fd7b88a46ef130a39c17e2263c7e3614a507be0e630e62032f31500c18c920c856e2f4f4e4ebd4c94bb3024b203a9bb744584b4  nagios-3.5.0.tar.gz
 8575902dcb7252f195847f9997b424c1ef9bee7dfacdd124c922fc119f583923c34847ce77c505783662d91f7290b1a85dc5e382ac50d177406bfb3876d4e40a  nagios.confd
 2b7c9677e15b1e33a56b6d65ce6c489e019ddf2d777c3798a7b3082e61584ca4cd2630cdf177710b38f2780873dd0f2333e3e769633e402332043a129137d50b  nagios.initd
-6f1448db1964e378dbc7460a6d321638f4d0f7a08bc078824edca12fb6653fb0200b3be365fa519e7b2ff566802701878975bb97e65d65dc54d3da34dae21588  lighttpd-nagios.conf"
+6f1448db1964e378dbc7460a6d321638f4d0f7a08bc078824edca12fb6653fb0200b3be365fa519e7b2ff566802701878975bb97e65d65dc54d3da34dae21588  lighttpd-nagios.conf
+189b62e9d351dd85ec40f5a3b93e9e28c5aaf6a21c8d1682c63114d2d6d13a6d13962a1ac68250aea3f6b0f51e85ab4eb79b6d6eb9e473a5c49971b520e7fd86  CVE-2013-7108-CVE-2013-7205.patch"
diff --git a/main/nagios/CVE-2013-7108-CVE-2013-7205.patch b/main/nagios/CVE-2013-7108-CVE-2013-7205.patch
new file mode 100644
index 0000000000..119e80a122
--- /dev/null
+++ b/main/nagios/CVE-2013-7108-CVE-2013-7205.patch
@@ -0,0 +1,193 @@
+From d97e03f32741a7d851826b03ed73ff4c9612a866 Mon Sep 17 00:00:00 2001
+From: Eric Stanley <estanley@nagios.com>
+Date: Fri, 20 Dec 2013 13:14:30 -0600
+Subject: [PATCH] CGIs: Fixed minor vulnerability where a custom query could
+ crash the CGI.
+
+Most CGIs previously incremented the input variable counter twice when
+it encountered a long key value. This could cause the CGI to read past
+the end of the list of CGI variables. This commit removes the second
+increment, removing the possibility of reading past the end of the list
+of CGI variables.
+---
+ cgi/avail.c         | 1 -
+ cgi/cmd.c           | 1 -
+ cgi/config.c        | 1 -
+ cgi/extinfo.c       | 1 -
+ cgi/histogram.c     | 1 -
+ cgi/notifications.c | 1 -
+ cgi/outages.c       | 1 -
+ cgi/status.c        | 1 -
+ cgi/statusmap.c     | 1 -
+ cgi/statuswml.c     | 7 ++++++-
+ cgi/summary.c       | 1 -
+ cgi/trends.c        | 1 -
+ contrib/daemonchk.c | 1 -
+ 13 files changed, 6 insertions(+), 13 deletions(-)
+
+diff --git a/cgi/avail.c b/cgi/avail.c
+index 76afd86..64eaadc 100644
+--- a/cgi/avail.c
++++ b/cgi/avail.c
+@@ -1096,7 +1096,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/cmd.c b/cgi/cmd.c
+index fa6cf5a..50504eb 100644
+--- a/cgi/cmd.c
++++ b/cgi/cmd.c
+@@ -311,7 +311,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/config.c b/cgi/config.c
+index f061b0f..3360e70 100644
+--- a/cgi/config.c
++++ b/cgi/config.c
+@@ -344,7 +344,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/extinfo.c b/cgi/extinfo.c
+index 62a1b18..5113df4 100644
+--- a/cgi/extinfo.c
++++ b/cgi/extinfo.c
+@@ -591,7 +591,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/histogram.c b/cgi/histogram.c
+index 4616541..f6934d0 100644
+--- a/cgi/histogram.c
++++ b/cgi/histogram.c
+@@ -1060,7 +1060,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/notifications.c b/cgi/notifications.c
+index 8ba11c1..461ae84 100644
+--- a/cgi/notifications.c
++++ b/cgi/notifications.c
+@@ -327,7 +327,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/outages.c b/cgi/outages.c
+index 426ede6..cb58dee 100644
+--- a/cgi/outages.c
++++ b/cgi/outages.c
+@@ -225,7 +225,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/status.c b/cgi/status.c
+index 3253340..4ec1c92 100644
+--- a/cgi/status.c
++++ b/cgi/status.c
+@@ -567,7 +567,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/statusmap.c b/cgi/statusmap.c
+index ea48368..2580ae5 100644
+--- a/cgi/statusmap.c
++++ b/cgi/statusmap.c
+@@ -400,7 +400,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/statuswml.c b/cgi/statuswml.c
+index bd8cea2..d25abef 100644
+--- a/cgi/statuswml.c
++++ b/cgi/statuswml.c
+@@ -226,8 +226,13 @@ int process_cgivars(void) {
+ 
+ 	for(x = 0; variables[x] != NULL; x++) {
+ 
++		/* do some basic length checking on the variable identifier to prevent buffer overflows */
++		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
++			continue;
++			}
++
+ 		/* we found the hostgroup argument */
+-		if(!strcmp(variables[x], "hostgroup")) {
++		else if(!strcmp(variables[x], "hostgroup")) {
+ 			display_type = DISPLAY_HOSTGROUP;
+ 			x++;
+ 			if(variables[x] == NULL) {
+diff --git a/cgi/summary.c b/cgi/summary.c
+index 126ce5e..749a02c 100644
+--- a/cgi/summary.c
++++ b/cgi/summary.c
+@@ -725,7 +725,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/trends.c b/cgi/trends.c
+index b35c18e..895db01 100644
+--- a/cgi/trends.c
++++ b/cgi/trends.c
+@@ -1263,7 +1263,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/contrib/daemonchk.c b/contrib/daemonchk.c
+index 78716e5..9bb6c4b 100644
+--- a/contrib/daemonchk.c
++++ b/contrib/daemonchk.c
+@@ -174,7 +174,6 @@ static int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 		}
+-- 
+1.8.4.3
+
author	Natanael Copa <ncopa@alpinelinux.org>	2014-02-05 09:01:55 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2014-04-17 08:45:33 +0000
commit	bc591804416645cfa8daae8a4d4ab036ba72a402 (patch)
tree	007fba1b8040a99dae6662caafbc408db14facb3 /main/nagios
parent	6499c73a4c09c49fabf2c744656defc5b0f7aa96 (diff)
download	aports-bc591804416645cfa8daae8a4d4ab036ba72a402.tar.bz2 aports-bc591804416645cfa8daae8a4d4ab036ba72a402.tar.xz