Date:      Wed, 10 Dec 2008 16:50:01 +0300
From:      Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To:        bug-followup@FreeBSD.org, freebsd-ports-bugs@FreeBSD.org
Cc:        jarrod@netleader.com.au
Subject:   Re: ports/129496: [vuxml] net-mgmt/nagios: document CVE-2008-5027
Message-ID:  <cPaZyi1n7/%2BskDfkUq2kXnEwpEg@qm7gbYKMPO53E/nl%2BD5eD8YyL1A>
In-Reply-To: <200812081240.mB8Ce1RS086101@freefall.freebsd.org>
References:  <20081208123837.96AB6B8019@phoenix.codelabs.ru> <200812081240.mB8Ce1RS086101@freefall.freebsd.org>


--FCuugMFkClbJLl1L
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Good day.

I have backported the fixes for both CVE-2008-5027 and CVE-2008-5028
to Nagios 2.12.  I have only tested that it compiles and rechecked
the patch for sanity by eye.  I have no real system to test this
on -- all my Nagios instances are using 3.x.  So, if anyone is
able to test this, it will be much appreciated.

--- backport-fixes-for-CVE-2008-5027.5028.diff begins here ---
=46rom dffe74ffbf00b87a022a31a2de718eb40d93eb6e Mon Sep 17 00:00:00 2001
=46rom: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Date: Wed, 10 Dec 2008 16:32:17 +0300
Subject: [PATCH] net-mgmt/nagios2: backport fixes for CVE-2008-5027 and 502=
8 from 3.0.6

Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
---
 net-mgmt/nagios2/Makefile                       |    2 +-
 net-mgmt/nagios2/files/patch-CVE-2008-5027.5028 |  720 +++++++++++++++++++=
++++
 2 files changed, 721 insertions(+), 1 deletions(-)
 create mode 100644 net-mgmt/nagios2/files/patch-CVE-2008-5027.5028

diff --git a/net-mgmt/nagios2/Makefile b/net-mgmt/nagios2/Makefile
index b919454..8cb2e07 100644
--- a/net-mgmt/nagios2/Makefile
+++ b/net-mgmt/nagios2/Makefile
@@ -7,7 +7,7 @@
=20
 PORTNAME=3D	nagios
 PORTVERSION=3D	2.12
-PORTREVISION=3D	1
+PORTREVISION=3D	2
 CATEGORIES=3D	net-mgmt
 MASTER_SITES=3D	SF
=20
diff --git a/net-mgmt/nagios2/files/patch-CVE-2008-5027.5028 b/net-mgmt/nag=
ios2/files/patch-CVE-2008-5027.5028
new file mode 100644
index 0000000..e19b36a
--- /dev/null
+++ b/net-mgmt/nagios2/files/patch-CVE-2008-5027.5028
@@ -0,0 +1,720 @@
+From bee4d15cd5ee18b1caa578b1b56cd71168754c2d Mon Sep 17 00:00:00 2001
+From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
+Date: Mon, 8 Dec 2008 22:15:13 +0300
+Subject: [PATCH] Nagios 2.12: backport cmd.cgi fixes (CSRF and command inj=
ection) from 3.x
+
+Based on: http://nagios.cvs.sourceforge.net/viewvc/nagios/nagios/base/comm=
ands.c?r1=3D1.107&r2=3D1.108&view=3Dpatch
+Based on: http://nagios.cvs.sourceforge.net/viewvc/nagios/nagios/cgi/cmd.c=
?r1=3D1.44&r2=3D1.45&view=3Dpatch
+Based on: http://nagios.cvs.sourceforge.net/viewvc/nagios/nagios/cgi/cmd.c=
?r1=3D1.45&r2=3D1.46&view=3Dpatch
+Based on: http://nagios.cvs.sourceforge.net/viewvc/nagios/nagios/cgi/extcm=
d_list.c?revision=3D1.1
+
+Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
+---
+ base/commands.c  |    4 +-
+ cgi/cmd.c        |  447 ++++++++++++++++++++++++++++++++++++++-----------=
-----
+ include/common.h |    1 +
+ 3 files changed, 318 insertions(+), 134 deletions(-)
+
+diff --git a/base/commands.c b/base/commands.c
+index 79de49b..5b5ab45 100644
+--- base/commands.c
++++ base/commands.c
+@@ -204,9 +204,9 @@ void check_for_external_commands(void){
+ 		else if(!strcmp(command_id,"ENTER_ACTIVE_MODE") || !strcmp(command_id,"=
ENABLE_NOTIFICATIONS"))
+ 			command_type=3DCMD_ENABLE_NOTIFICATIONS;
+=20
+-		else if(!strcmp(command_id,"SHUTDOWN_PROGRAM"))
++		else if(!strcmp(command_id,"SHUTDOWN_PROGRAM") || !strcmp(command_id,"S=
HUTDOWN_PROCESS"))
+ 			command_type=3DCMD_SHUTDOWN_PROCESS;
+-		else if(!strcmp(command_id,"RESTART_PROGRAM"))
++		else if(!strcmp(command_id,"RESTART_PROGRAM") || !strcmp(command_id,"RE=
START_PROCESS"))
+ 			command_type=3DCMD_RESTART_PROCESS;
+=20
+ 		else if(!strcmp(command_id,"SAVE_STATE_INFORMATION"))
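Review bot: The two aliases added to the `SHUTDOWN_PROGRAM` and `RESTART_PROGRAM` branches have no comment saying why both spellings are accepted. Judging from the table this patch appends to cgi/cmd.c, the CGI now derives command names from the `CMD_*` identifiers and would therefore send `SHUTDOWN_PROCESS` / `RESTART_PROCESS`. I would add `/* cmd.cgi builds names from CMD_* ids, so accept the _PROCESS spellings as well as the historical _PROGRAM ones */` above the first branch. check_for_external_commands() starts and ends outside the hunk.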
+diff --git a/cgi/cmd.c b/cgi/cmd.c
+index 63059bd..d36cab6 100644
+--- cgi/cmd.c
++++ cgi/cmd.c
+@@ -31,6 +31,10 @@
+ #include "../include/cgiauth.h"
+ #include "../include/getcgi.h"
+=20
++#include <stdarg.h>
++
++extern const char *extcmd_get_name(int id);
++
+ extern char main_config_file[MAX_FILENAME_LENGTH];
+ extern char command_file[MAX_FILENAME_LENGTH];
+ extern char comment_file[MAX_FILENAME_LENGTH];
+@@ -1825,6 +1829,35 @@ void commit_command_data(int cmd){
+ 	return;
+         }
+=20
++__attribute__((format(printf, 2, 3)))
++static int cmd_submitf(int id, const char *fmt, ...)
++{
++	char cmd[MAX_EXTERNAL_COMMAND_LENGTH];
++	const char *command;
++	int len, len2;
++	va_list ap;
++
++	command =3D extcmd_get_name(id);
++	/*
++	 * We disallow sending 'CHANGE' commands from the cgi's
++	 * until we do proper session handling to prevent cross-site
++	 * request forgery
++	 */
++	if (!command || (strlen(command) > 6 && !memcmp("CHANGE", command, 6)))
++		return ERROR;
++
++	len =3D snprintf(cmd, sizeof(cmd) - 1, "[%lu] %s;", time(NULL), command);
++	if (len < 0)
++		return ERROR;
++
++	va_start(ap, fmt);
++	len2 =3D vsnprintf(&cmd[len], sizeof(cmd) - len - 1, fmt, ap);
++	va_end(ap);
++	if (len2 < 0)
++		return ERROR;
++
++	return write_command_to_file(cmd);
++}
+=20
+ /* commits a command for processing */
+ int commit_command(int cmd){
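Review bot: Both length checks in cmd_submitf() test only for a negative return, so truncation goes unnoticed: snprintf() and vsnprintf() return the length that would have been written, and an over-long request field yields a silently shortened command that is still handed to write_command_to_file(). If `len` ever reached the buffer size, `&cmd[len]` and `sizeof(cmd) - len - 1` would also be out of range. I would reject both cases with `if (len < 0 || (size_t)len >= sizeof(cmd) - 1) return ERROR;` and `if (len2 < 0 || (size_t)len2 >= sizeof(cmd) - len - 1) return ERROR;`. Separately, `time(NULL)` is printed with `%lu` without a cast; `(unsigned long)time(NULL)` keeps the format attribute quiet where time_t is not unsigned long.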
+@@ -1847,236 +1880,211 @@ int commit_command(int cmd){
+ 	switch(cmd){
+=20
+ 	case CMD_ADD_HOST_COMMENT:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] ADD_HOST_COMMEN=
T;%s;%d;%s;%s\n",current_time,host_name,(persistent_comment=3D=3DTRUE)?1:0,=
comment_author,comment_data);
++		result =3D cmd_submitf(cmd,"%s;%d;%s;%s",host_name,(persistent_comment=
=3D=3DTRUE)?1:0,comment_author,comment_data);
+ 		break;
+-	=09
++
+ 	case CMD_ADD_SVC_COMMENT:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] ADD_SVC_COMMENT=
;%s;%s;%d;%s;%s\n",current_time,host_name,service_desc,(persistent_comment=
=3D=3DTRUE)?1:0,comment_author,comment_data);
++		result =3D cmd_submitf(cmd,"%s;%s;%d;%s;%s",host_name,service_desc,(per=
sistent_comment=3D=3DTRUE)?1:0,comment_author,comment_data);
+ 		break;
+=20
+ 	case CMD_DEL_HOST_COMMENT:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DEL_HOST_COMMEN=
T;%lu\n",current_time,comment_id);
+-		break;
+-	=09
+ 	case CMD_DEL_SVC_COMMENT:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DEL_SVC_COMMENT=
;%lu\n",current_time,comment_id);
++		result =3D cmd_submitf(cmd,"%lu",comment_id);
+ 		break;
+-	=09
++
+ 	case CMD_DELAY_HOST_NOTIFICATION:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DELAY_HOST_NOTI=
FICATION;%s;%lu\n",current_time,host_name,notification_time);
++		result =3D cmd_submitf(cmd,"%s;%lu",host_name,notification_time);
+ 		break;
+=20
+ 	case CMD_DELAY_SVC_NOTIFICATION:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DELAY_SVC_NOTIF=
ICATION;%s;%s;%lu\n",current_time,host_name,service_desc,notification_time);
++		result =3D cmd_submitf(cmd,"%s;%s;%lu",host_name,service_desc,notificat=
ion_time);
+ 		break;
+=20
+ 	case CMD_SCHEDULE_SVC_CHECK:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_%sSVC_=
CHECK;%s;%s;%lu\n",current_time,(force_check=3D=3DTRUE)?"FORCED_":"",host_n=
ame,service_desc,start_time);
++		result =3D cmd_submitf((force_check=3D=3DTRUE)?CMD_SCHEDULE_FORCED_SVC_=
CHECK:cmd,"%s;%s;%lu",host_name,service_desc,start_time);
+ 		break;
+=20
+ 	case CMD_ENABLE_SVC_CHECK:
+ 	case CMD_DISABLE_SVC_CHECK:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SVC_CHECK;%s=
;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_SVC_CHECK)?"ENABLE":"DISABLE",host=
_name,service_desc);
++		result =3D cmd_submitf(cmd,"%s;%s",host_name,service_desc);
+ 		break;
+-	=09
++
+ 	case CMD_DISABLE_NOTIFICATIONS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DISABLE_NOTIFIC=
ATIONS;%lu\n",current_time,scheduled_time);
+-		break;
+-	=09
+ 	case CMD_ENABLE_NOTIFICATIONS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] ENABLE_NOTIFICA=
TIONS;%lu\n",current_time,scheduled_time);
+-		break;
+-	=09
+ 	case CMD_SHUTDOWN_PROCESS:
+ 	case CMD_RESTART_PROCESS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_PROGRAM;%lu\=
n",current_time,(cmd=3D=3DCMD_SHUTDOWN_PROCESS)?"SHUTDOWN":"RESTART",schedu=
led_time);
++		result =3D cmd_submitf(cmd,"%lu",scheduled_time);
+ 		break;
+=20
+ 	case CMD_ENABLE_HOST_SVC_CHECKS:
+ 	case CMD_DISABLE_HOST_SVC_CHECKS:
+-		if(affect_host_and_services=3D=3DFALSE)
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_SVC_CH=
ECKS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOST_SVC_CHECKS)?"ENABLE":"DIS=
ABLE",host_name);
+-		else
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_SVC_CH=
ECKS;%s\n[%lu] %s_HOST_CHECK;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOST_S=
VC_CHECKS)?"ENABLE":"DISABLE",host_name,current_time,(cmd=3D=3DCMD_ENABLE_H=
OST_SVC_CHECKS)?"ENABLE":"DISABLE",host_name);
++		result =3D cmd_submitf(cmd,"%s",host_name);
++		if(affect_host_and_services=3D=3DTRUE)
++			result |=3D cmd_submitf((cmd =3D=3D CMD_ENABLE_HOST_SVC_CHECKS?CMD_ENA=
BLE_HOST_CHECK:CMD_DISABLE_HOST_CHECK),"%s",host_name);
+ 		break;
+-	=09
++
+ 	case CMD_SCHEDULE_HOST_SVC_CHECKS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_%sHOST=
_SVC_CHECKS;%s;%lu\n",current_time,(force_check=3D=3DTRUE)?"FORCED_":"",hos=
t_name,scheduled_time);
++		result =3D cmd_submitf((force_check=3D=3DTRUE?CMD_SCHEDULE_FORCED_HOST_=
SVC_CHECKS:cmd),"%s;%lu",host_name,scheduled_time);
+ 		break;
+=20
+ 	case CMD_DEL_ALL_HOST_COMMENTS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DEL_ALL_HOST_CO=
MMENTS;%s\n",current_time,host_name);
++		result =3D cmd_submitf(cmd,"%s",host_name);
+ 		break;
+-	=09
++
+ 	case CMD_DEL_ALL_SVC_COMMENTS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DEL_ALL_SVC_COM=
MENTS;%s;%s\n",current_time,host_name,service_desc);
++		result =3D cmd_submitf(cmd,"%s;%s",host_name,service_desc);
+ 		break;
+=20
+ 	case CMD_ENABLE_SVC_NOTIFICATIONS:
+ 	case CMD_DISABLE_SVC_NOTIFICATIONS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SVC_NOTIFICA=
TIONS;%s;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_SVC_NOTIFICATIONS)?"ENABLE=
":"DISABLE",host_name,service_desc);
++		result =3D cmd_submitf(cmd,"%s;%s",host_name,service_desc);
+ 		break;
+-	=09
++
+ 	case CMD_ENABLE_HOST_NOTIFICATIONS:
+ 	case CMD_DISABLE_HOST_NOTIFICATIONS:
+ 		if(propagate_to_children=3D=3DTRUE)
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_AND_CH=
ILD_NOTIFICATIONS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOST_NOTIFICATION=
S)?"ENABLE":"DISABLE",host_name);
++			result =3D cmd_submitf((cmd=3D=3DCMD_ENABLE_HOST_NOTIFICATIONS?CMD_ENA=
BLE_HOST_AND_CHILD_NOTIFICATIONS:CMD_DISABLE_HOST_AND_CHILD_NOTIFICATIONS),=
"%s",host_name);
+ 		else
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_NOTIFI=
CATIONS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOST_NOTIFICATIONS)?"ENABLE=
":"DISABLE",host_name);
++			result =3D cmd_submitf(cmd,"%s",host_name);
+ 		break;
+-	=09
++
+ 	case CMD_ENABLE_ALL_NOTIFICATIONS_BEYOND_HOST:
+ 	case CMD_DISABLE_ALL_NOTIFICATIONS_BEYOND_HOST:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_ALL_NOTIFICA=
TIONS_BEYOND_HOST;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_ALL_NOTIFICATIONS=
_BEYOND_HOST)?"ENABLE":"DISABLE",host_name);
++		result =3D cmd_submitf(cmd,"%s",host_name);
+ 		break;
+-	=09
++
+ 	case CMD_ENABLE_HOST_SVC_NOTIFICATIONS:
+ 	case CMD_DISABLE_HOST_SVC_NOTIFICATIONS:
+-		if(affect_host_and_services=3D=3DFALSE)
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_SVC_NO=
TIFICATIONS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOST_SVC_NOTIFICATIONS)=
?"ENABLE":"DISABLE",host_name);
+-		else
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_SVC_NO=
TIFICATIONS;%s\n[%lu] %s_HOST_NOTIFICATIONS;%s\n",current_time,(cmd=3D=3DCM=
D_ENABLE_HOST_SVC_NOTIFICATIONS)?"ENABLE":"DISABLE",host_name,current_time,=
(cmd=3D=3DCMD_ENABLE_HOST_SVC_NOTIFICATIONS)?"ENABLE":"DISABLE",host_name);
++		result =3D cmd_submitf(cmd,"%s",host_name);
++		if(affect_host_and_services=3D=3DTRUE)
++			result |=3D cmd_submitf((cmd=3D=3DCMD_ENABLE_HOST_SVC_NOTIFICATIONS?CM=
D_ENABLE_HOST_NOTIFICATIONS:CMD_DISABLE_HOST_NOTIFICATIONS),"%s",host_name);
+ 		break;
+-	=09
++
+ 	case CMD_ACKNOWLEDGE_HOST_PROBLEM:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] ACKNOWLEDGE_HOS=
T_PROBLEM;%s;%d;%d;%d;%s;%s\n",current_time,host_name,(sticky_ack=3D=3DTRUE=
)?ACKNOWLEDGEMENT_STICKY:ACKNOWLEDGEMENT_NORMAL,(send_notification=3D=3DTRU=
E)?1:0,(persistent_comment=3D=3DTRUE)?1:0,comment_author,comment_data);
++		result =3D cmd_submitf(cmd,"%s;%d;%d;%d;%s;%s",host_name,(sticky_ack=3D=
=3DTRUE)?ACKNOWLEDGEMENT_STICKY:ACKNOWLEDGEMENT_NORMAL,(send_notification=
=3D=3DTRUE)?1:0,(persistent_comment=3D=3DTRUE)?1:0,comment_author,comment_d=
ata);
+ 		break;
+-	=09
++
+ 	case CMD_ACKNOWLEDGE_SVC_PROBLEM:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] ACKNOWLEDGE_SVC=
_PROBLEM;%s;%s;%d;%d;%d;%s;%s\n",current_time,host_name,service_desc,(stick=
y_ack=3D=3DTRUE)?ACKNOWLEDGEMENT_STICKY:ACKNOWLEDGEMENT_NORMAL,(send_notifi=
cation=3D=3DTRUE)?1:0,(persistent_comment=3D=3DTRUE)?1:0,comment_author,com=
ment_data);
++		result =3D cmd_submitf(cmd,"%s;%s;%d;%d;%d;%s;%s",host_name,service_des=
c,(sticky_ack=3D=3DTRUE)?ACKNOWLEDGEMENT_STICKY:ACKNOWLEDGEMENT_NORMAL,(sen=
d_notification=3D=3DTRUE)?1:0,(persistent_comment=3D=3DTRUE)?1:0,comment_au=
thor,comment_data);
+ 		break;
+=20
+ 	case CMD_START_EXECUTING_SVC_CHECKS:
+ 	case CMD_STOP_EXECUTING_SVC_CHECKS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_EXECUTING_SV=
C_CHECKS;\n",current_time,(cmd=3D=3DCMD_START_EXECUTING_SVC_CHECKS)?"START"=
:"STOP");
+-		break;
+-
+ 	case CMD_START_ACCEPTING_PASSIVE_SVC_CHECKS:
+ 	case CMD_STOP_ACCEPTING_PASSIVE_SVC_CHECKS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_ACCEPTING_PA=
SSIVE_SVC_CHECKS;\n",current_time,(cmd=3D=3DCMD_START_ACCEPTING_PASSIVE_SVC=
_CHECKS)?"START":"STOP");
++		result =3D cmd_submitf(cmd,"");
+ 		break;
+=20
+ 	case CMD_ENABLE_PASSIVE_SVC_CHECKS:
+ 	case CMD_DISABLE_PASSIVE_SVC_CHECKS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_PASSIVE_SVC_=
CHECKS;%s;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_PASSIVE_SVC_CHECKS)?"ENAB=
LE":"DISABLE",host_name,service_desc);
++		result =3D cmd_submitf(cmd,"%s;%s",host_name,service_desc);
+ 		break;
+-	=09
++
+ 	case CMD_ENABLE_EVENT_HANDLERS:
+ 	case CMD_DISABLE_EVENT_HANDLERS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_EVENT_HANDLE=
RS;\n",current_time,(cmd=3D=3DCMD_ENABLE_EVENT_HANDLERS)?"ENABLE":"DISABLE"=
);
++		result =3D cmd_submitf(cmd,"");
+ 		break;
+=20
+ 	case CMD_ENABLE_SVC_EVENT_HANDLER:
+ 	case CMD_DISABLE_SVC_EVENT_HANDLER:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SVC_EVENT_HA=
NDLER;%s;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_SVC_EVENT_HANDLER)?"ENABLE=
":"DISABLE",host_name,service_desc);
++		result =3D cmd_submitf(cmd,"%s;%s",host_name,service_desc);
+ 		break;
+-	=09
++
+ 	case CMD_ENABLE_HOST_EVENT_HANDLER:
+ 	case CMD_DISABLE_HOST_EVENT_HANDLER:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_EVENT_H=
ANDLER;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOST_EVENT_HANDLER)?"ENABLE"=
:"DISABLE",host_name);
+-		break;
+-	=09
+ 	case CMD_ENABLE_HOST_CHECK:
+ 	case CMD_DISABLE_HOST_CHECK:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_CHECK;%=
s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOST_CHECK)?"ENABLE":"DISABLE",host_=
name);
++		result =3D cmd_submitf(cmd,"%s",host_name);
+ 		break;
+-	=09
++
+ 	case CMD_START_OBSESSING_OVER_SVC_CHECKS:
+ 	case CMD_STOP_OBSESSING_OVER_SVC_CHECKS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_OBSESSING_OV=
ER_SVC_CHECKS;\n",current_time,(cmd=3D=3DCMD_START_OBSESSING_OVER_SVC_CHECK=
S)?"START":"STOP");
++		result =3D cmd_submitf(cmd,"");
+ 		break;
+-	=09
++
+ 	case CMD_REMOVE_HOST_ACKNOWLEDGEMENT:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] REMOVE_HOST_ACK=
NOWLEDGEMENT;%s\n",current_time,host_name);
++		result =3D cmd_submitf(cmd,"%s",host_name);
+ 		break;
+-	=09
++
+ 	case CMD_REMOVE_SVC_ACKNOWLEDGEMENT:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] REMOVE_SVC_ACKN=
OWLEDGEMENT;%s;%s\n",current_time,host_name,service_desc);
++		result =3D cmd_submitf(cmd,"%s;%s",host_name,service_desc);
+ 		break;
+-	=09
++
+ 	case CMD_PROCESS_SERVICE_CHECK_RESULT:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] PROCESS_SERVICE=
_CHECK_RESULT;%s;%s;%d;%s|%s\n",current_time,host_name,service_desc,plugin_=
state,plugin_output,performance_data);
++		result =3D cmd_submitf(cmd,"%s;%s;%d;%s|%s",host_name,service_desc,plug=
in_state,plugin_output,performance_data);
+ 		break;
+-	=09
++
+ 	case CMD_PROCESS_HOST_CHECK_RESULT:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] PROCESS_HOST_CH=
ECK_RESULT;%s;%d;%s|%s\n",current_time,host_name,plugin_state,plugin_output=
,performance_data);
++		result =3D cmd_submitf(cmd,"%s;%d;%s|%s",host_name,plugin_state,plugin_=
output,performance_data);
+ 		break;
+-	=09
++
+ 	case CMD_SCHEDULE_HOST_DOWNTIME:
+ 		if(child_options=3D=3D1)
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_AND_P=
ROPAGATE_TRIGGERED_HOST_DOWNTIME;%s;%lu;%lu;%d;%lu;%lu;%s;%s\n",current_tim=
e,host_name,start_time,end_time,(fixed=3D=3DTRUE)?1:0,triggered_by,duration=
,comment_author,comment_data);
++			cmd =3D CMD_SCHEDULE_AND_PROPAGATE_TRIGGERED_HOST_DOWNTIME;
+ 		else if(child_options=3D=3D2)
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_AND_P=
ROPAGATE_HOST_DOWNTIME;%s;%lu;%lu;%d;%lu;%lu;%s;%s\n",current_time,host_nam=
e,start_time,end_time,(fixed=3D=3DTRUE)?1:0,triggered_by,duration,comment_a=
uthor,comment_data);
+-		else
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_HOST_=
DOWNTIME;%s;%lu;%lu;%d;%lu;%lu;%s;%s\n",current_time,host_name,start_time,e=
nd_time,(fixed=3D=3DTRUE)?1:0,triggered_by,duration,comment_author,comment_=
data);
++			cmd =3D CMD_SCHEDULE_AND_PROPAGATE_HOST_DOWNTIME;
++		result =3D cmd_submitf(cmd,"%s;%lu;%lu;%d;%lu;%lu;%s;%s",host_name,star=
t_time,end_time,(fixed=3D=3DTRUE)?1:0,triggered_by,duration,comment_author,=
comment_data);
+ 		break;
+-	=09
++
+ 	case CMD_SCHEDULE_SVC_DOWNTIME:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_SVC_DO=
WNTIME;%s;%s;%lu;%lu;%d;%lu;%lu;%s;%s\n",current_time,host_name,service_des=
c,start_time,end_time,(fixed=3D=3DTRUE)?1:0,triggered_by,duration,comment_a=
uthor,comment_data);
++		result =3D cmd_submitf(cmd,"%s;%s;%lu;%lu;%d;%lu;%lu;%s;%s",host_name,s=
ervice_desc,start_time,end_time,(fixed=3D=3DTRUE)?1:0,triggered_by,duration=
,comment_author,comment_data);
+ 		break;
+-	=09
++
+ 	case CMD_ENABLE_HOST_FLAP_DETECTION:
+ 	case CMD_DISABLE_HOST_FLAP_DETECTION:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_FLAP_DE=
TECTION;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOST_FLAP_DETECTION)?"ENABL=
E":"DISABLE",host_name);
++		result =3D cmd_submitf(cmd,"%s",host_name);
+ 		break;
+-	=09
++
+ 	case CMD_ENABLE_SVC_FLAP_DETECTION:
+ 	case CMD_DISABLE_SVC_FLAP_DETECTION:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SVC_FLAP_DET=
ECTION;%s;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_SVC_FLAP_DETECTION)?"ENAB=
LE":"DISABLE",host_name,service_desc);
++		result =3D cmd_submitf(cmd,"%s;%s",host_name,service_desc);
+ 		break;
+-	=09
++
+ 	case CMD_ENABLE_FLAP_DETECTION:
+ 	case CMD_DISABLE_FLAP_DETECTION:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_FLAP_DETECTI=
ON\n",current_time,(cmd=3D=3DCMD_ENABLE_FLAP_DETECTION)?"ENABLE":"DISABLE");
++		result =3D cmd_submitf(cmd,"");
+ 		break;
+-	=09
++
+ 	case CMD_DEL_HOST_DOWNTIME:
+ 	case CMD_DEL_SVC_DOWNTIME:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DEL_%s_DOWNTIME=
;%lu\n",current_time,(cmd=3D=3DCMD_DEL_HOST_DOWNTIME)?"HOST":"SVC",downtime=
_id);
++		result =3D cmd_submitf(cmd,"%lu",downtime_id);
+ 		break;
+=20
+ 	case CMD_ENABLE_FAILURE_PREDICTION:
+ 	case CMD_DISABLE_FAILURE_PREDICTION:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_FAILURE_PRED=
ICTION\n",current_time,(cmd=3D=3DCMD_ENABLE_FAILURE_PREDICTION)?"ENABLE":"D=
ISABLE");
+-		break;
+-	=09
+ 	case CMD_ENABLE_PERFORMANCE_DATA:
+ 	case CMD_DISABLE_PERFORMANCE_DATA:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_PERFORMANCE_=
DATA\n",current_time,(cmd=3D=3DCMD_ENABLE_PERFORMANCE_DATA)?"ENABLE":"DISAB=
LE");
+-		break;
+-	=09
+ 	case CMD_START_EXECUTING_HOST_CHECKS:
+ 	case CMD_STOP_EXECUTING_HOST_CHECKS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_EXECUTING_HO=
ST_CHECKS;\n",current_time,(cmd=3D=3DCMD_START_EXECUTING_HOST_CHECKS)?"STAR=
T":"STOP");
+-		break;
+-
+ 	case CMD_START_ACCEPTING_PASSIVE_HOST_CHECKS:
+ 	case CMD_STOP_ACCEPTING_PASSIVE_HOST_CHECKS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_ACCEPTING_PA=
SSIVE_HOST_CHECKS;\n",current_time,(cmd=3D=3DCMD_START_ACCEPTING_PASSIVE_HO=
ST_CHECKS)?"START":"STOP");
++		result =3D cmd_submitf(cmd,"");
+ 		break;
+=20
+ 	case CMD_ENABLE_PASSIVE_HOST_CHECKS:
+ 	case CMD_DISABLE_PASSIVE_HOST_CHECKS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_PASSIVE_HOST=
_CHECKS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_PASSIVE_HOST_CHECKS)?"ENABL=
E":"DISABLE",host_name);
++		result =3D cmd_submitf(cmd,"%s",host_name);
+ 		break;
+=20
+ 	case CMD_START_OBSESSING_OVER_HOST_CHECKS:
+ 	case CMD_STOP_OBSESSING_OVER_HOST_CHECKS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_OBSESSING_OV=
ER_HOST_CHECKS;\n",current_time,(cmd=3D=3DCMD_START_OBSESSING_OVER_HOST_CHE=
CKS)?"START":"STOP");
++		result =3D cmd_submitf(cmd,"");
+ 		break;
+=20
+ 	case CMD_SCHEDULE_HOST_CHECK:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_%sHOST=
_CHECK;%s;%lu\n",current_time,(force_check=3D=3DTRUE)?"FORCED_":"",host_nam=
e,start_time);
++		if (force_check=3D=3DTRUE)
++			cmd =3D CMD_SCHEDULE_FORCED_HOST_CHECK;
++		result =3D cmd_submitf(cmd,"%s;%lu",host_name,start_time);
+ 		break;
+=20
+ 	case CMD_START_OBSESSING_OVER_SVC:
+ 	case CMD_STOP_OBSESSING_OVER_SVC:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_OBSESSING_OV=
ER_SVC;%s;%s\n",current_time,(cmd=3D=3DCMD_START_OBSESSING_OVER_SVC)?"START=
":"STOP",host_name,service_desc);
++		result =3D cmd_submitf(cmd,"%s;%s",host_name,service_desc);
+ 		break;
+=20
+ 	case CMD_START_OBSESSING_OVER_HOST:
+ 	case CMD_STOP_OBSESSING_OVER_HOST:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_OBSESSING_OV=
ER_HOST;%s\n",current_time,(cmd=3D=3DCMD_START_OBSESSING_OVER_HOST)?"START"=
:"STOP",host_name);
++		result =3D cmd_submitf(cmd,"%s",host_name);
+ 		break;
+=20
+=20
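Review bot: In the `affect_host_and_services==TRUE` branches (for example under `CMD_ENABLE_HOST_SVC_CHECKS` and `CMD_ENABLE_HOST_SVC_NOTIFICATIONS`) the pair of commands that used to go out in a single write is now two independent cmd_submitf() calls whose results are OR-ed together. If the first call fails the second is still submitted, and the combined value is only meaningful if the status codes combine sensibly under `|` (their definitions are not visible here). I would make the second call conditional and assign rather than OR: `if(result==OK && affect_host_and_services==TRUE) result=cmd_submitf(...);`. The same pattern recurs in the hostgroup and servicegroup hunks below. commit_command() begins before this hunk and continues past it.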
+@@ -2084,34 +2092,31 @@ int commit_command(int cmd){
+=20
+ 	case CMD_ENABLE_HOSTGROUP_SVC_NOTIFICATIONS:
+ 	case CMD_DISABLE_HOSTGROUP_SVC_NOTIFICATIONS:
+-		if(affect_host_and_services=3D=3DFALSE)
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOSTGROUP_S=
VC_NOTIFICATIONS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOSTGROUP_SVC_NOTI=
FICATIONS)?"ENABLE":"DISABLE",hostgroup_name);
+-		else
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOSTGROUP_S=
VC_NOTIFICATIONS;%s\n[%lu] %s_HOSTGROUP_HOST_NOTIFICATIONS;%s\n",current_ti=
me,(cmd=3D=3DCMD_ENABLE_HOSTGROUP_SVC_NOTIFICATIONS)?"ENABLE":"DISABLE",hos=
tgroup_name,current_time,(cmd=3D=3DCMD_ENABLE_HOSTGROUP_SVC_NOTIFICATIONS)?=
"ENABLE":"DISABLE",hostgroup_name);
++		result =3D cmd_submitf(cmd,"%s",hostgroup_name);
++		if(affect_host_and_services=3D=3DTRUE)
++			result |=3D cmd_submitf((cmd=3D=3DCMD_ENABLE_HOSTGROUP_SVC_NOTIFICATIO=
NS?CMD_ENABLE_HOSTGROUP_HOST_NOTIFICATIONS:CMD_DISABLE_HOSTGROUP_HOST_NOTIF=
ICATIONS),"%s",hostgroup_name);
+ 		break;
+=20
+ 	case CMD_ENABLE_HOSTGROUP_HOST_NOTIFICATIONS:
+ 	case CMD_DISABLE_HOSTGROUP_HOST_NOTIFICATIONS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOSTGROUP_HO=
ST_NOTIFICATIONS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOSTGROUP_HOST_NOT=
IFICATIONS)?"ENABLE":"DISABLE",hostgroup_name);
++		result =3D cmd_submitf(cmd,"%s",hostgroup_name);
+ 		break;
+=20
+ 	case CMD_ENABLE_HOSTGROUP_SVC_CHECKS:
+ 	case CMD_DISABLE_HOSTGROUP_SVC_CHECKS:
+-		if(affect_host_and_services=3D=3DFALSE)
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOSTGROUP_S=
VC_CHECKS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOSTGROUP_SVC_CHECKS)?"EN=
ABLE":"DISABLE",hostgroup_name);
+-		else
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOSTGROUP_S=
VC_CHECKS;%s\n[%lu] %s_HOSTGROUP_HOST_CHECKS;%s\n",current_time,(cmd=3D=3DC=
MD_ENABLE_HOSTGROUP_SVC_CHECKS)?"ENABLE":"DISABLE",hostgroup_name,current_t=
ime,(cmd=3D=3DCMD_ENABLE_HOSTGROUP_SVC_CHECKS)?"ENABLE":"DISABLE",hostgroup=
_name);
++		result =3D cmd_submitf(cmd,"%s",hostgroup_name);
++		if(affect_host_and_services=3D=3DTRUE)
++			result |=3D cmd_submitf((cmd=3D=3DCMD_ENABLE_HOSTGROUP_SVC_CHECKS?CMD_=
ENABLE_HOSTGROUP_HOST_CHECKS:CMD_DISABLE_HOSTGROUP_HOST_CHECKS),"%s",hostgr=
oup_name);
+ 		break;
+=20
+ 	case CMD_SCHEDULE_HOSTGROUP_HOST_DOWNTIME:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_HOSTGR=
OUP_HOST_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n",current_time,hostgroup_name,=
start_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,comment_d=
ata);
++		result =3D cmd_submitf(cmd,"%s;%lu;%lu;%d;0;%lu;%s;%s",hostgroup_name,s=
tart_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,comment_da=
ta);
+ 		break;
+=20
+ 	case CMD_SCHEDULE_HOSTGROUP_SVC_DOWNTIME:
+-		if(affect_host_and_services=3D=3DFALSE)
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_HOSTG=
ROUP_SVC_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n",current_time,hostgroup_name,=
start_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,comment_d=
ata);
+-		else
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_HOSTG=
ROUP_SVC_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n[%lu] SCHEDULE_HOSTGROUP_HOST_=
DOWNTIME;%s;%lu;%lu;%d;%lu;%s;%s\n",current_time,hostgroup_name,start_time,=
end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,comment_data,current=
_time,hostgroup_name,start_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,com=
ment_author,comment_data);
++		result =3D cmd_submitf(cmd,"%s;%lu;%lu;%d;0;%lu;%s;%s",hostgroup_name,s=
tart_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,comment_da=
ta);
++		if(affect_host_and_services=3D=3DTRUE)
++			result |=3D cmd_submitf(CMD_SCHEDULE_HOSTGROUP_HOST_DOWNTIME,"%s;%lu;%=
lu;%d;%lu;%s;%s",hostgroup_name,start_time,end_time,(fixed=3D=3DTRUE)?1:0,d=
uration,comment_author,comment_data);
+ 		break;
+=20
+=20
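Review bot: The second cmd_submitf() in the `CMD_SCHEDULE_HOSTGROUP_SVC_DOWNTIME` case sends `SCHEDULE_HOSTGROUP_HOST_DOWNTIME` with the format `"%s;%lu;%lu;%d;%lu;%s;%s"`, one field short of the `"%s;%lu;%lu;%d;0;%lu;%s;%s"` used by the dedicated `CMD_SCHEDULE_HOSTGROUP_HOST_DOWNTIME` case just above it. The missing `0;` was already absent in the removed snprintf() and has been carried over, so the receiver would presumably read the duration in the slot the sibling format reserves for that constant. I would use the same format in both places: `"%s;%lu;%lu;%d;0;%lu;%s;%s"`. The `CMD_SCHEDULE_SERVICEGROUP_SVC_DOWNTIME` case in the next hunk has the same mismatch.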
+@@ -2119,34 +2124,31 @@ int commit_command(int cmd){
+=20
+ 	case CMD_ENABLE_SERVICEGROUP_SVC_NOTIFICATIONS:
+ 	case CMD_DISABLE_SERVICEGROUP_SVC_NOTIFICATIONS:
+-		if(affect_host_and_services=3D=3DFALSE)
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SERVICEGROU=
P_SVC_NOTIFICATIONS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_SERVICEGROUP_SV=
C_NOTIFICATIONS)?"ENABLE":"DISABLE",servicegroup_name);
+-		else
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SERVICEGROU=
P_SVC_NOTIFICATIONS;%s\n[%lu] %s_SERVICEGROUP_HOST_NOTIFICATIONS;%s\n",curr=
ent_time,(cmd=3D=3DCMD_ENABLE_SERVICEGROUP_SVC_NOTIFICATIONS)?"ENABLE":"DIS=
ABLE",servicegroup_name,current_time,(cmd=3D=3DCMD_ENABLE_SERVICEGROUP_SVC_=
NOTIFICATIONS)?"ENABLE":"DISABLE",servicegroup_name);
++		result =3D cmd_submitf(cmd,"%s",servicegroup_name);
++		if(affect_host_and_services=3D=3DTRUE)
++			result |=3D cmd_submitf((cmd=3D=3DCMD_ENABLE_SERVICEGROUP_SVC_NOTIFICA=
TIONS?CMD_ENABLE_SERVICEGROUP_HOST_NOTIFICATIONS:CMD_DISABLE_SERVICEGROUP_H=
OST_NOTIFICATIONS),"%s",servicegroup_name);
+ 		break;
+=20
+ 	case CMD_ENABLE_SERVICEGROUP_HOST_NOTIFICATIONS:
+ 	case CMD_DISABLE_SERVICEGROUP_HOST_NOTIFICATIONS:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SERVICEGROUP=
_HOST_NOTIFICATIONS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_SERVICEGROUP_HO=
ST_NOTIFICATIONS)?"ENABLE":"DISABLE",servicegroup_name);
++		result =3D cmd_submitf(cmd,"%s",servicegroup_name);
+ 		break;
+=20
+ 	case CMD_ENABLE_SERVICEGROUP_SVC_CHECKS:
+ 	case CMD_DISABLE_SERVICEGROUP_SVC_CHECKS:
+-		if(affect_host_and_services=3D=3DFALSE)
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SERVICEGROU=
P_SVC_CHECKS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_SERVICEGROUP_SVC_CHECK=
S)?"ENABLE":"DISABLE",servicegroup_name);
+-		else
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SERVICEGROU=
P_SVC_CHECKS;%s\n[%lu] %s_SERVICEGROUP_HOST_CHECKS;%s\n",current_time,(cmd=
=3D=3DCMD_ENABLE_SERVICEGROUP_SVC_CHECKS)?"ENABLE":"DISABLE",servicegroup_n=
ame,current_time,(cmd=3D=3DCMD_ENABLE_SERVICEGROUP_SVC_CHECKS)?"ENABLE":"DI=
SABLE",servicegroup_name);
++		result =3D cmd_submitf(cmd,"%s",servicegroup_name);
++		if(affect_host_and_services=3D=3DTRUE)
++			result |=3D cmd_submitf((cmd=3D=3DCMD_ENABLE_SERVICEGROUP_SVC_CHECKS?C=
MD_ENABLE_SERVICEGROUP_HOST_CHECKS:CMD_DISABLE_SERVICEGROUP_HOST_CHECKS),"%=
s",servicegroup_name);
+ 		break;
+=20
+ 	case CMD_SCHEDULE_SERVICEGROUP_HOST_DOWNTIME:
+-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_SERVIC=
EGROUP_HOST_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n",current_time,servicegroup=
_name,start_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,com=
ment_data);
++		result =3D cmd_submitf(cmd,"%s;%lu;%lu;%d;0;%lu;%s;%s",servicegroup_nam=
e,start_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,comment=
_data);
+ 		break;
+=20
+ 	case CMD_SCHEDULE_SERVICEGROUP_SVC_DOWNTIME:
+-		if(affect_host_and_services=3D=3DFALSE)
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_SERVI=
CEGROUP_SVC_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n",current_time,servicegroup=
_name,start_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,com=
ment_data);
+-		else
+-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_SERVI=
CEGROUP_SVC_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n[%lu] SCHEDULE_SERVICEGROUP=
_HOST_DOWNTIME;%s;%lu;%lu;%d;%lu;%s;%s\n",current_time,servicegroup_name,st=
art_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,comment_dat=
a,current_time,servicegroup_name,start_time,end_time,(fixed=3D=3DTRUE)?1:0,=
duration,comment_author,comment_data);
++		result =3D cmd_submitf(cmd,"%s;%lu;%lu;%d;0;%lu;%s;%s",servicegroup_nam=
e,start_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,comment=
_data);
++		if(affect_host_and_services=3D=3DTRUE)
++			result |=3D cmd_submitf(CMD_SCHEDULE_SERVICEGROUP_HOST_DOWNTIME,"%s;%l=
u;%lu;%d;%lu;%s;%s",servicegroup_name,start_time,end_time,(fixed=3D=3DTRUE)=
?1:0,duration,comment_author,comment_data);
+ 		break;
+=20
+ 	default:
+@@ -2154,12 +2156,6 @@ int commit_command(int cmd){
+ 		break;
+ 	        }
+=20
+-	/* make sure command buffer is terminated */
+-	command_buffer[sizeof(command_buffer)-1]=3D'\x0';
+-
+-	/* write the command to the command file */
+-	result=3Dwrite_command_to_file(command_buffer);
+-
+ 	return result;
+         }
+=20
+@@ -2170,6 +2166,14 @@ int write_command_to_file(char *cmd){
+ 	FILE *fp;
+ 	struct stat statbuf;
+=20
++	/*
++	 * Commands are not allowed to have newlines in them, as
++	 * that allows malicious users to hand-craft requests that
++	 * bypass the access-restrictions.
++	 */
++	if (!cmd || !*cmd || strchr(cmd, '\n'))
++		return ERROR;
++
+ 	/* bail out if the external command file doesn't exist */
+ 	if(stat(command_file,&statbuf)){
+=20
+@@ -2202,7 +2206,7 @@ int write_command_to_file(char *cmd){
+ 	        }
+=20
+ 	/* write the command to file */
+-	fputs(cmd,fp);
++	fprintf(fp, "%s\n", cmd);
+=20
+ 	/* flush buffer */
+ 	fflush(fp);
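Review bot: The result of `fprintf(fp, "%s\n", cmd)` is discarded, as the `fputs` result was before, and so is the result of `fflush(fp)`. If the rest of the function returns OK (it lies outside the hunk), a failed or partial write to the command file would still be reported as a committed command. I would keep the result, `int rc = fprintf(fp, "%s\n", cmd);`, treat `rc < 0` or `fflush(fp) == EOF` as a failure, and return ERROR only after the stream has been closed on the function's existing cleanup path.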
+@@ -2728,3 +2732,182 @@ int string_to_time(char *buffer, time_t *t){
+=20
+ 	return OK;
+         }
++
++/* From Nagios 3.0.5, cgi/extcmd_list.c */
++
++#include <stdio.h>
++#include <unistd.h>
++#include <stdlib.h>
++#include "../include/common.h"
++
++struct nagios_extcmd {
++	const char *name;
++	int id;
++/*	size_t namelen;
++	int min_args;
++	int (*handler)(struct nagios_extcmd *, int, char **);
++	struct nagios_extcmd *next_handler;
++ */
++};
++
++#define CMD_DEF(name, min_args, handler) \
++	{ #name, CMD_ ## name }
++/*	{ #name, sizeof(#name) - 1, CMD_ ## name, min_args, handler, NULL } */
++struct nagios_extcmd in_core_commands[] =3D
++{
++	CMD_DEF(NONE, 0, NULL),
++	CMD_DEF(ADD_HOST_COMMENT, 0, NULL),
++	CMD_DEF(DEL_HOST_COMMENT, 0, NULL),
++	CMD_DEF(ADD_SVC_COMMENT, 0, NULL),
++	CMD_DEF(DEL_SVC_COMMENT, 0, NULL),
++	CMD_DEF(ENABLE_SVC_CHECK, 0, NULL),
++	CMD_DEF(DISABLE_SVC_CHECK, 0, NULL),
++	CMD_DEF(SCHEDULE_SVC_CHECK, 0, NULL),
++	CMD_DEF(DELAY_SVC_NOTIFICATION, 0, NULL),
++	CMD_DEF(DELAY_HOST_NOTIFICATION, 0, NULL),
++	CMD_DEF(DISABLE_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(ENABLE_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(RESTART_PROCESS, 0, NULL),
++	CMD_DEF(SHUTDOWN_PROCESS, 0, NULL),
++	CMD_DEF(ENABLE_HOST_SVC_CHECKS, 0, NULL),
++	CMD_DEF(DISABLE_HOST_SVC_CHECKS, 0, NULL),
++	CMD_DEF(SCHEDULE_HOST_SVC_CHECKS, 0, NULL),
++	CMD_DEF(DELAY_HOST_SVC_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(DEL_ALL_HOST_COMMENTS, 0, NULL),
++	CMD_DEF(DEL_ALL_SVC_COMMENTS, 0, NULL),
++	CMD_DEF(ENABLE_SVC_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(DISABLE_SVC_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(ENABLE_HOST_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(DISABLE_HOST_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(ENABLE_ALL_NOTIFICATIONS_BEYOND_HOST, 0, NULL),
++	CMD_DEF(DISABLE_ALL_NOTIFICATIONS_BEYOND_HOST, 0, NULL),
++	CMD_DEF(ENABLE_HOST_SVC_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(DISABLE_HOST_SVC_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(PROCESS_SERVICE_CHECK_RESULT, 0, NULL),
++	CMD_DEF(SAVE_STATE_INFORMATION, 0, NULL),
++	CMD_DEF(READ_STATE_INFORMATION, 0, NULL),
++	CMD_DEF(ACKNOWLEDGE_HOST_PROBLEM, 0, NULL),
++	CMD_DEF(ACKNOWLEDGE_SVC_PROBLEM, 0, NULL),
++	CMD_DEF(START_EXECUTING_SVC_CHECKS, 0, NULL),
++	CMD_DEF(STOP_EXECUTING_SVC_CHECKS, 0, NULL),
++	CMD_DEF(START_ACCEPTING_PASSIVE_SVC_CHECKS, 0, NULL),
++	CMD_DEF(STOP_ACCEPTING_PASSIVE_SVC_CHECKS, 0, NULL),
++	CMD_DEF(ENABLE_PASSIVE_SVC_CHECKS, 0, NULL),
++	CMD_DEF(DISABLE_PASSIVE_SVC_CHECKS, 0, NULL),
++	CMD_DEF(ENABLE_EVENT_HANDLERS, 0, NULL),
++	CMD_DEF(DISABLE_EVENT_HANDLERS, 0, NULL),
++	CMD_DEF(ENABLE_HOST_EVENT_HANDLER, 0, NULL),
++	CMD_DEF(DISABLE_HOST_EVENT_HANDLER, 0, NULL),
++	CMD_DEF(ENABLE_SVC_EVENT_HANDLER, 0, NULL),
++	CMD_DEF(DISABLE_SVC_EVENT_HANDLER, 0, NULL),
++	CMD_DEF(ENABLE_HOST_CHECK, 0, NULL),
++	CMD_DEF(DISABLE_HOST_CHECK, 0, NULL),
++	CMD_DEF(START_OBSESSING_OVER_SVC_CHECKS, 0, NULL),
++	CMD_DEF(STOP_OBSESSING_OVER_SVC_CHECKS, 0, NULL),
++	CMD_DEF(REMOVE_HOST_ACKNOWLEDGEMENT, 0, NULL),
++	CMD_DEF(REMOVE_SVC_ACKNOWLEDGEMENT, 0, NULL),
++	CMD_DEF(SCHEDULE_FORCED_HOST_SVC_CHECKS, 0, NULL),
++	CMD_DEF(SCHEDULE_FORCED_SVC_CHECK, 0, NULL),
++	CMD_DEF(SCHEDULE_HOST_DOWNTIME, 0, NULL),
++	CMD_DEF(SCHEDULE_SVC_DOWNTIME, 0, NULL),
++	CMD_DEF(ENABLE_HOST_FLAP_DETECTION, 0, NULL),
++	CMD_DEF(DISABLE_HOST_FLAP_DETECTION, 0, NULL),
++	CMD_DEF(ENABLE_SVC_FLAP_DETECTION, 0, NULL),
++	CMD_DEF(DISABLE_SVC_FLAP_DETECTION, 0, NULL),
++	CMD_DEF(ENABLE_FLAP_DETECTION, 0, NULL),
++	CMD_DEF(DISABLE_FLAP_DETECTION, 0, NULL),
++	CMD_DEF(ENABLE_HOSTGROUP_SVC_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(DISABLE_HOSTGROUP_SVC_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(ENABLE_HOSTGROUP_HOST_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(DISABLE_HOSTGROUP_HOST_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(ENABLE_HOSTGROUP_SVC_CHECKS, 0, NULL),
++	CMD_DEF(DISABLE_HOSTGROUP_SVC_CHECKS, 0, NULL),
++	CMD_DEF(CANCEL_HOST_DOWNTIME, 0, NULL),
++	CMD_DEF(CANCEL_SVC_DOWNTIME, 0, NULL),
++	CMD_DEF(CANCEL_ACTIVE_HOST_DOWNTIME, 0, NULL),
++	CMD_DEF(CANCEL_PENDING_HOST_DOWNTIME, 0, NULL),
++	CMD_DEF(CANCEL_ACTIVE_SVC_DOWNTIME, 0, NULL),
++	CMD_DEF(CANCEL_PENDING_SVC_DOWNTIME, 0, NULL),
++	CMD_DEF(CANCEL_ACTIVE_HOST_SVC_DOWNTIME, 0, NULL),
++	CMD_DEF(CANCEL_PENDING_HOST_SVC_DOWNTIME, 0, NULL),
++	CMD_DEF(FLUSH_PENDING_COMMANDS, 0, NULL),
++	CMD_DEF(DEL_HOST_DOWNTIME, 0, NULL),
++	CMD_DEF(DEL_SVC_DOWNTIME, 0, NULL),
++	CMD_DEF(ENABLE_FAILURE_PREDICTION, 0, NULL),
++	CMD_DEF(DISABLE_FAILURE_PREDICTION, 0, NULL),
++	CMD_DEF(ENABLE_PERFORMANCE_DATA, 0, NULL),
++	CMD_DEF(DISABLE_PERFORMANCE_DATA, 0, NULL),
++	CMD_DEF(SCHEDULE_HOSTGROUP_HOST_DOWNTIME, 0, NULL),
++	CMD_DEF(SCHEDULE_HOSTGROUP_SVC_DOWNTIME, 0, NULL),
++	CMD_DEF(SCHEDULE_HOST_SVC_DOWNTIME, 0, NULL),
++	CMD_DEF(PROCESS_HOST_CHECK_RESULT, 0, NULL),
++	CMD_DEF(START_EXECUTING_HOST_CHECKS, 0, NULL),
++	CMD_DEF(STOP_EXECUTING_HOST_CHECKS, 0, NULL),
++	CMD_DEF(START_ACCEPTING_PASSIVE_HOST_CHECKS, 0, NULL),
++	CMD_DEF(STOP_ACCEPTING_PASSIVE_HOST_CHECKS, 0, NULL),
++	CMD_DEF(ENABLE_PASSIVE_HOST_CHECKS, 0, NULL),
++	CMD_DEF(DISABLE_PASSIVE_HOST_CHECKS, 0, NULL),
++	CMD_DEF(START_OBSESSING_OVER_HOST_CHECKS, 0, NULL),
++	CMD_DEF(STOP_OBSESSING_OVER_HOST_CHECKS, 0, NULL),
++	CMD_DEF(SCHEDULE_HOST_CHECK, 0, NULL),
++	CMD_DEF(SCHEDULE_FORCED_HOST_CHECK, 0, NULL),
++	CMD_DEF(START_OBSESSING_OVER_SVC, 0, NULL),
++	CMD_DEF(STOP_OBSESSING_OVER_SVC, 0, NULL),
++	CMD_DEF(START_OBSESSING_OVER_HOST, 0, NULL),
++	CMD_DEF(STOP_OBSESSING_OVER_HOST, 0, NULL),
++	CMD_DEF(ENABLE_HOSTGROUP_HOST_CHECKS, 0, NULL),
++	CMD_DEF(DISABLE_HOSTGROUP_HOST_CHECKS, 0, NULL),
++	CMD_DEF(ENABLE_HOSTGROUP_PASSIVE_SVC_CHECKS, 0, NULL),
++	CMD_DEF(DISABLE_HOSTGROUP_PASSIVE_SVC_CHECKS, 0, NULL),
++	CMD_DEF(ENABLE_HOSTGROUP_PASSIVE_HOST_CHECKS, 0, NULL),
++	CMD_DEF(DISABLE_HOSTGROUP_PASSIVE_HOST_CHECKS, 0, NULL),
++	CMD_DEF(ENABLE_SERVICEGROUP_SVC_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(DISABLE_SERVICEGROUP_SVC_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(ENABLE_SERVICEGROUP_HOST_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(DISABLE_SERVICEGROUP_HOST_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(ENABLE_SERVICEGROUP_SVC_CHECKS, 0, NULL),
++	CMD_DEF(DISABLE_SERVICEGROUP_SVC_CHECKS, 0, NULL),
++	CMD_DEF(ENABLE_SERVICEGROUP_HOST_CHECKS, 0, NULL),
++	CMD_DEF(DISABLE_SERVICEGROUP_HOST_CHECKS, 0, NULL),
++	CMD_DEF(ENABLE_SERVICEGROUP_PASSIVE_SVC_CHECKS, 0, NULL),
++	CMD_DEF(DISABLE_SERVICEGROUP_PASSIVE_SVC_CHECKS, 0, NULL),
++	CMD_DEF(ENABLE_SERVICEGROUP_PASSIVE_HOST_CHECKS, 0, NULL),
++	CMD_DEF(DISABLE_SERVICEGROUP_PASSIVE_HOST_CHECKS, 0, NULL),
++	CMD_DEF(SCHEDULE_SERVICEGROUP_HOST_DOWNTIME, 0, NULL),
++	CMD_DEF(SCHEDULE_SERVICEGROUP_SVC_DOWNTIME, 0, NULL),
++	CMD_DEF(CHANGE_NORMAL_HOST_CHECK_INTERVAL, 0, NULL),
++	CMD_DEF(CHANGE_NORMAL_SVC_CHECK_INTERVAL, 0, NULL),
++	CMD_DEF(CHANGE_RETRY_SVC_CHECK_INTERVAL, 0, NULL),
++	CMD_DEF(CHANGE_MAX_HOST_CHECK_ATTEMPTS, 0, NULL),
++	CMD_DEF(CHANGE_MAX_SVC_CHECK_ATTEMPTS, 0, NULL),
++	CMD_DEF(SCHEDULE_AND_PROPAGATE_TRIGGERED_HOST_DOWNTIME, 0, NULL),
++	CMD_DEF(ENABLE_HOST_AND_CHILD_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(DISABLE_HOST_AND_CHILD_NOTIFICATIONS, 0, NULL),
++	CMD_DEF(SCHEDULE_AND_PROPAGATE_HOST_DOWNTIME, 0, NULL),
++	CMD_DEF(ENABLE_SERVICE_FRESHNESS_CHECKS, 0, NULL),
++	CMD_DEF(DISABLE_SERVICE_FRESHNESS_CHECKS, 0, NULL),
++	CMD_DEF(ENABLE_HOST_FRESHNESS_CHECKS, 0, NULL),
++	CMD_DEF(DISABLE_HOST_FRESHNESS_CHECKS, 0, NULL),
++	CMD_DEF(SET_HOST_NOTIFICATION_NUMBER, 0, NULL),
++	CMD_DEF(SET_SVC_NOTIFICATION_NUMBER, 0, NULL),
++};
++#undef CMD_DEF
++
++#ifndef ARRAY_SIZE
++# define ARRAY_SIZE(x) (sizeof(x) / sizeof(x[0]))
++#endif
++static int extcmd_entries, extcmd_slots;
++
++const char *extcmd_get_name(int id)
++{
++	int i;
++
++	for (i =3D 0; i < ARRAY_SIZE(in_core_commands); i++) {
++		struct nagios_extcmd *ecmd;
++		ecmd =3D &in_core_commands[i];
++		if (ecmd->id =3D=3D id)
++			return ecmd->name;
++	}
++
++	return NULL;
++}
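Review bot: extcmd_get_name() returns NULL for an id missing from the table, so its caller must test the result before using it as a `%s` argument or writing it to the command file; the caller added by this patch lies outside this part of the page, so that check should be confirmed there. In the table itself, `in_core_commands` is a writable global that nothing in the hunk modifies, and `extcmd_entries`/`extcmd_slots` are declared but never used in the added code; `const struct nagios_extcmd in_core_commands[] =` with `const struct nagios_extcmd *ecmd;` in the lookup, and dropping the two unused statics, would tighten this. The loop also compares `int i` against the `size_t` from ARRAY_SIZE, which `size_t i;` avoids, and the `#include` lines land after function definitions at the end of the file rather than with the file's other includes.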
+diff --git a/include/common.h b/include/common.h
+index 8f4d3cd..d4be718 100644
+--- include/common.h
++++ include/common.h
+@@ -383,6 +383,7 @@
+ #define MAX_COMMAND_BUFFER                      8192    /* max length of =
raw or processed command line */
+=20
+ #define MAX_DATETIME_LENGTH			48
++#define MAX_EXTERNAL_COMMAND_LENGTH		8192
+=20
+=20
+ /************************* MODIFIED ATTRIBUTES **************************/
+--=20
+1.6.0.4
+
--=20
1.6.0.4
--- backport-fixes-for-CVE-2008-5027.5028.diff ends here ---
--=20
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual  =20
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook=20
    {_.-``-'         {_/            #

--FCuugMFkClbJLl1L
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)

iEYEARECAAYFAkk/yQkACgkQthUKNsbL7Yg/JACfcWrB9cDVEO+6ELFAb0C3+0zm
PDYAnRr6LRP9cMj0LvV65mI+SOwPJJHb
=slkF
-----END PGP SIGNATURE-----

--FCuugMFkClbJLl1L--


