From owner-freebsd-ports-bugs@FreeBSD.ORG Wed Dec 10 13:50:05 2008 Return-Path: Delivered-To: freebsd-ports-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E8CBC1065686; Wed, 10 Dec 2008 13:50:05 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id 0A2938FC12; Wed, 10 Dec 2008 13:50:05 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru; h=Received:Date:From:To:Cc:Subject:Message-ID:Reply-To:References:MIME-Version:Content-Type:Content-Disposition:In-Reply-To:Sender; b=oXezS+Bsil/GF/gjKRkZvYaNrjScQG3zGv+U+kIg/4M1Ysv60apdBk5jt+67u5NZhLFkESGFpx9N/6fRVQoZvN3sALCEu/QjkWx6ysLHfPQZlAtstHDOsA9AFDgbn6EivQwUMaSly57UJ7Er0zu7+KdS+iy6UFXKGHuA0uL1xuU=; Received: from shadow.codelabs.ru (shadow.codelabs.ru [144.206.177.8]) by 0.mx.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256) id 1LAPRz-000PYy-6D; Wed, 10 Dec 2008 16:50:03 +0300 Date: Wed, 10 Dec 2008 16:50:01 +0300 From: Eygene Ryabinkin To: bug-followup@FreeBSD.org, freebsd-ports-bugs@FreeBSD.org Message-ID: References: <20081208123837.96AB6B8019@phoenix.codelabs.ru> <200812081240.mB8Ce1RS086101@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="FCuugMFkClbJLl1L" Content-Disposition: inline In-Reply-To: <200812081240.mB8Ce1RS086101@freefall.freebsd.org> Sender: rea-fbsd@codelabs.ru Cc: jarrod@netleader.com.au Subject: Re: ports/129496: [vuxml] net-mgmt/nagios: document CVE-2008-5027 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: rea-fbsd@codelabs.ru List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 13:50:06 -0000 --FCuugMFkClbJLl1L Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Good day. I had backported fixes for both CVE-2008-5027 and CVE-2008-5028 to Nagios 2.12. I had tested only compilability and rechecked the patch for sanity by eyes. I have no real system to test this on -- all my Nagios instances are using 3.x. So, if anyone will be able to test this -- it will be much appreciated. --- backport-fixes-for-CVE-2008-5027.5028.diff begins here --- =46rom dffe74ffbf00b87a022a31a2de718eb40d93eb6e Mon Sep 17 00:00:00 2001 =46rom: Eygene Ryabinkin Date: Wed, 10 Dec 2008 16:32:17 +0300 Subject: [PATCH] net-mgmt/nagios2: backport fixes for CVE-2008-5027 and 502= 8 from 3.0.6 Signed-off-by: Eygene Ryabinkin --- net-mgmt/nagios2/Makefile | 2 +- net-mgmt/nagios2/files/patch-CVE-2008-5027.5028 | 720 +++++++++++++++++++= ++++ 2 files changed, 721 insertions(+), 1 deletions(-) create mode 100644 net-mgmt/nagios2/files/patch-CVE-2008-5027.5028 diff --git a/net-mgmt/nagios2/Makefile b/net-mgmt/nagios2/Makefile index b919454..8cb2e07 100644 --- a/net-mgmt/nagios2/Makefile +++ b/net-mgmt/nagios2/Makefile @@ -7,7 +7,7 @@ =20 PORTNAME=3D nagios PORTVERSION=3D 2.12 -PORTREVISION=3D 1 +PORTREVISION=3D 2 CATEGORIES=3D net-mgmt MASTER_SITES=3D SF =20 diff --git a/net-mgmt/nagios2/files/patch-CVE-2008-5027.5028 b/net-mgmt/nag= ios2/files/patch-CVE-2008-5027.5028 new file mode 100644 index 0000000..e19b36a --- /dev/null +++ b/net-mgmt/nagios2/files/patch-CVE-2008-5027.5028 @@ -0,0 +1,720 @@ +From bee4d15cd5ee18b1caa578b1b56cd71168754c2d Mon Sep 17 00:00:00 2001 +From: Eygene Ryabinkin +Date: Mon, 8 Dec 2008 22:15:13 +0300 +Subject: [PATCH] Nagios 2.12: backport cmd.cgi fixes (CSRF and command inj= ection) from 3.x + +Based on: http://nagios.cvs.sourceforge.net/viewvc/nagios/nagios/base/comm= ands.c?r1=3D1.107&r2=3D1.108&view=3Dpatch +Based on: http://nagios.cvs.sourceforge.net/viewvc/nagios/nagios/cgi/cmd.c= ?r1=3D1.44&r2=3D1.45&view=3Dpatch +Based on: http://nagios.cvs.sourceforge.net/viewvc/nagios/nagios/cgi/cmd.c= ?r1=3D1.45&r2=3D1.46&view=3Dpatch +Based on: http://nagios.cvs.sourceforge.net/viewvc/nagios/nagios/cgi/extcm= d_list.c?revision=3D1.1 + +Signed-off-by: Eygene Ryabinkin +--- + base/commands.c | 4 +- + cgi/cmd.c | 447 ++++++++++++++++++++++++++++++++++++++-----------= ----- + include/common.h | 1 + + 3 files changed, 318 insertions(+), 134 deletions(-) + +diff --git a/base/commands.c b/base/commands.c +index 79de49b..5b5ab45 100644 +--- base/commands.c ++++ base/commands.c +@@ -204,9 +204,9 @@ void check_for_external_commands(void){ + else if(!strcmp(command_id,"ENTER_ACTIVE_MODE") || !strcmp(command_id,"= ENABLE_NOTIFICATIONS")) + command_type=3DCMD_ENABLE_NOTIFICATIONS; +=20 +- else if(!strcmp(command_id,"SHUTDOWN_PROGRAM")) ++ else if(!strcmp(command_id,"SHUTDOWN_PROGRAM") || !strcmp(command_id,"S= HUTDOWN_PROCESS")) + command_type=3DCMD_SHUTDOWN_PROCESS; +- else if(!strcmp(command_id,"RESTART_PROGRAM")) ++ else if(!strcmp(command_id,"RESTART_PROGRAM") || !strcmp(command_id,"RE= START_PROCESS")) + command_type=3DCMD_RESTART_PROCESS; +=20 + else if(!strcmp(command_id,"SAVE_STATE_INFORMATION")) +diff --git a/cgi/cmd.c b/cgi/cmd.c +index 63059bd..d36cab6 100644 +--- cgi/cmd.c ++++ cgi/cmd.c +@@ -31,6 +31,10 @@ + #include "../include/cgiauth.h" + #include "../include/getcgi.h" +=20 ++#include ++ ++extern const char *extcmd_get_name(int id); ++ + extern char main_config_file[MAX_FILENAME_LENGTH]; + extern char command_file[MAX_FILENAME_LENGTH]; + extern char comment_file[MAX_FILENAME_LENGTH]; +@@ -1825,6 +1829,35 @@ void commit_command_data(int cmd){ + return; + } +=20 ++__attribute__((format(printf, 2, 3))) ++static int cmd_submitf(int id, const char *fmt, ...) ++{ ++ char cmd[MAX_EXTERNAL_COMMAND_LENGTH]; ++ const char *command; ++ int len, len2; ++ va_list ap; ++ ++ command =3D extcmd_get_name(id); ++ /* ++ * We disallow sending 'CHANGE' commands from the cgi's ++ * until we do proper session handling to prevent cross-site ++ * request forgery ++ */ ++ if (!command || (strlen(command) > 6 && !memcmp("CHANGE", command, 6))) ++ return ERROR; ++ ++ len =3D snprintf(cmd, sizeof(cmd) - 1, "[%lu] %s;", time(NULL), command); ++ if (len < 0) ++ return ERROR; ++ ++ va_start(ap, fmt); ++ len2 =3D vsnprintf(&cmd[len], sizeof(cmd) - len - 1, fmt, ap); ++ va_end(ap); ++ if (len2 < 0) ++ return ERROR; ++ ++ return write_command_to_file(cmd); ++} +=20 + /* commits a command for processing */ + int commit_command(int cmd){ +@@ -1847,236 +1880,211 @@ int commit_command(int cmd){ + switch(cmd){ +=20 + case CMD_ADD_HOST_COMMENT: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] ADD_HOST_COMMEN= T;%s;%d;%s;%s\n",current_time,host_name,(persistent_comment=3D=3DTRUE)?1:0,= comment_author,comment_data); ++ result =3D cmd_submitf(cmd,"%s;%d;%s;%s",host_name,(persistent_comment= =3D=3DTRUE)?1:0,comment_author,comment_data); + break; +- =09 ++ + case CMD_ADD_SVC_COMMENT: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] ADD_SVC_COMMENT= ;%s;%s;%d;%s;%s\n",current_time,host_name,service_desc,(persistent_comment= =3D=3DTRUE)?1:0,comment_author,comment_data); ++ result =3D cmd_submitf(cmd,"%s;%s;%d;%s;%s",host_name,service_desc,(per= sistent_comment=3D=3DTRUE)?1:0,comment_author,comment_data); + break; +=20 + case CMD_DEL_HOST_COMMENT: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DEL_HOST_COMMEN= T;%lu\n",current_time,comment_id); +- break; +- =09 + case CMD_DEL_SVC_COMMENT: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DEL_SVC_COMMENT= ;%lu\n",current_time,comment_id); ++ result =3D cmd_submitf(cmd,"%lu",comment_id); + break; +- =09 ++ + case CMD_DELAY_HOST_NOTIFICATION: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DELAY_HOST_NOTI= FICATION;%s;%lu\n",current_time,host_name,notification_time); ++ result =3D cmd_submitf(cmd,"%s;%lu",host_name,notification_time); + break; +=20 + case CMD_DELAY_SVC_NOTIFICATION: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DELAY_SVC_NOTIF= ICATION;%s;%s;%lu\n",current_time,host_name,service_desc,notification_time); ++ result =3D cmd_submitf(cmd,"%s;%s;%lu",host_name,service_desc,notificat= ion_time); + break; +=20 + case CMD_SCHEDULE_SVC_CHECK: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_%sSVC_= CHECK;%s;%s;%lu\n",current_time,(force_check=3D=3DTRUE)?"FORCED_":"",host_n= ame,service_desc,start_time); ++ result =3D cmd_submitf((force_check=3D=3DTRUE)?CMD_SCHEDULE_FORCED_SVC_= CHECK:cmd,"%s;%s;%lu",host_name,service_desc,start_time); + break; +=20 + case CMD_ENABLE_SVC_CHECK: + case CMD_DISABLE_SVC_CHECK: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SVC_CHECK;%s= ;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_SVC_CHECK)?"ENABLE":"DISABLE",host= _name,service_desc); ++ result =3D cmd_submitf(cmd,"%s;%s",host_name,service_desc); + break; +- =09 ++ + case CMD_DISABLE_NOTIFICATIONS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DISABLE_NOTIFIC= ATIONS;%lu\n",current_time,scheduled_time); +- break; +- =09 + case CMD_ENABLE_NOTIFICATIONS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] ENABLE_NOTIFICA= TIONS;%lu\n",current_time,scheduled_time); +- break; +- =09 + case CMD_SHUTDOWN_PROCESS: + case CMD_RESTART_PROCESS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_PROGRAM;%lu\= n",current_time,(cmd=3D=3DCMD_SHUTDOWN_PROCESS)?"SHUTDOWN":"RESTART",schedu= led_time); ++ result =3D cmd_submitf(cmd,"%lu",scheduled_time); + break; +=20 + case CMD_ENABLE_HOST_SVC_CHECKS: + case CMD_DISABLE_HOST_SVC_CHECKS: +- if(affect_host_and_services=3D=3DFALSE) +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_SVC_CH= ECKS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOST_SVC_CHECKS)?"ENABLE":"DIS= ABLE",host_name); +- else +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_SVC_CH= ECKS;%s\n[%lu] %s_HOST_CHECK;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOST_S= VC_CHECKS)?"ENABLE":"DISABLE",host_name,current_time,(cmd=3D=3DCMD_ENABLE_H= OST_SVC_CHECKS)?"ENABLE":"DISABLE",host_name); ++ result =3D cmd_submitf(cmd,"%s",host_name); ++ if(affect_host_and_services=3D=3DTRUE) ++ result |=3D cmd_submitf((cmd =3D=3D CMD_ENABLE_HOST_SVC_CHECKS?CMD_ENA= BLE_HOST_CHECK:CMD_DISABLE_HOST_CHECK),"%s",host_name); + break; +- =09 ++ + case CMD_SCHEDULE_HOST_SVC_CHECKS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_%sHOST= _SVC_CHECKS;%s;%lu\n",current_time,(force_check=3D=3DTRUE)?"FORCED_":"",hos= t_name,scheduled_time); ++ result =3D cmd_submitf((force_check=3D=3DTRUE?CMD_SCHEDULE_FORCED_HOST_= SVC_CHECKS:cmd),"%s;%lu",host_name,scheduled_time); + break; +=20 + case CMD_DEL_ALL_HOST_COMMENTS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DEL_ALL_HOST_CO= MMENTS;%s\n",current_time,host_name); ++ result =3D cmd_submitf(cmd,"%s",host_name); + break; +- =09 ++ + case CMD_DEL_ALL_SVC_COMMENTS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DEL_ALL_SVC_COM= MENTS;%s;%s\n",current_time,host_name,service_desc); ++ result =3D cmd_submitf(cmd,"%s;%s",host_name,service_desc); + break; +=20 + case CMD_ENABLE_SVC_NOTIFICATIONS: + case CMD_DISABLE_SVC_NOTIFICATIONS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SVC_NOTIFICA= TIONS;%s;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_SVC_NOTIFICATIONS)?"ENABLE= ":"DISABLE",host_name,service_desc); ++ result =3D cmd_submitf(cmd,"%s;%s",host_name,service_desc); + break; +- =09 ++ + case CMD_ENABLE_HOST_NOTIFICATIONS: + case CMD_DISABLE_HOST_NOTIFICATIONS: + if(propagate_to_children=3D=3DTRUE) +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_AND_CH= ILD_NOTIFICATIONS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOST_NOTIFICATION= S)?"ENABLE":"DISABLE",host_name); ++ result =3D cmd_submitf((cmd=3D=3DCMD_ENABLE_HOST_NOTIFICATIONS?CMD_ENA= BLE_HOST_AND_CHILD_NOTIFICATIONS:CMD_DISABLE_HOST_AND_CHILD_NOTIFICATIONS),= "%s",host_name); + else +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_NOTIFI= CATIONS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOST_NOTIFICATIONS)?"ENABLE= ":"DISABLE",host_name); ++ result =3D cmd_submitf(cmd,"%s",host_name); + break; +- =09 ++ + case CMD_ENABLE_ALL_NOTIFICATIONS_BEYOND_HOST: + case CMD_DISABLE_ALL_NOTIFICATIONS_BEYOND_HOST: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_ALL_NOTIFICA= TIONS_BEYOND_HOST;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_ALL_NOTIFICATIONS= _BEYOND_HOST)?"ENABLE":"DISABLE",host_name); ++ result =3D cmd_submitf(cmd,"%s",host_name); + break; +- =09 ++ + case CMD_ENABLE_HOST_SVC_NOTIFICATIONS: + case CMD_DISABLE_HOST_SVC_NOTIFICATIONS: +- if(affect_host_and_services=3D=3DFALSE) +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_SVC_NO= TIFICATIONS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOST_SVC_NOTIFICATIONS)= ?"ENABLE":"DISABLE",host_name); +- else +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_SVC_NO= TIFICATIONS;%s\n[%lu] %s_HOST_NOTIFICATIONS;%s\n",current_time,(cmd=3D=3DCM= D_ENABLE_HOST_SVC_NOTIFICATIONS)?"ENABLE":"DISABLE",host_name,current_time,= (cmd=3D=3DCMD_ENABLE_HOST_SVC_NOTIFICATIONS)?"ENABLE":"DISABLE",host_name); ++ result =3D cmd_submitf(cmd,"%s",host_name); ++ if(affect_host_and_services=3D=3DTRUE) ++ result |=3D cmd_submitf((cmd=3D=3DCMD_ENABLE_HOST_SVC_NOTIFICATIONS?CM= D_ENABLE_HOST_NOTIFICATIONS:CMD_DISABLE_HOST_NOTIFICATIONS),"%s",host_name); + break; +- =09 ++ + case CMD_ACKNOWLEDGE_HOST_PROBLEM: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] ACKNOWLEDGE_HOS= T_PROBLEM;%s;%d;%d;%d;%s;%s\n",current_time,host_name,(sticky_ack=3D=3DTRUE= )?ACKNOWLEDGEMENT_STICKY:ACKNOWLEDGEMENT_NORMAL,(send_notification=3D=3DTRU= E)?1:0,(persistent_comment=3D=3DTRUE)?1:0,comment_author,comment_data); ++ result =3D cmd_submitf(cmd,"%s;%d;%d;%d;%s;%s",host_name,(sticky_ack=3D= =3DTRUE)?ACKNOWLEDGEMENT_STICKY:ACKNOWLEDGEMENT_NORMAL,(send_notification= =3D=3DTRUE)?1:0,(persistent_comment=3D=3DTRUE)?1:0,comment_author,comment_d= ata); + break; +- =09 ++ + case CMD_ACKNOWLEDGE_SVC_PROBLEM: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] ACKNOWLEDGE_SVC= _PROBLEM;%s;%s;%d;%d;%d;%s;%s\n",current_time,host_name,service_desc,(stick= y_ack=3D=3DTRUE)?ACKNOWLEDGEMENT_STICKY:ACKNOWLEDGEMENT_NORMAL,(send_notifi= cation=3D=3DTRUE)?1:0,(persistent_comment=3D=3DTRUE)?1:0,comment_author,com= ment_data); ++ result =3D cmd_submitf(cmd,"%s;%s;%d;%d;%d;%s;%s",host_name,service_des= c,(sticky_ack=3D=3DTRUE)?ACKNOWLEDGEMENT_STICKY:ACKNOWLEDGEMENT_NORMAL,(sen= d_notification=3D=3DTRUE)?1:0,(persistent_comment=3D=3DTRUE)?1:0,comment_au= thor,comment_data); + break; +=20 + case CMD_START_EXECUTING_SVC_CHECKS: + case CMD_STOP_EXECUTING_SVC_CHECKS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_EXECUTING_SV= C_CHECKS;\n",current_time,(cmd=3D=3DCMD_START_EXECUTING_SVC_CHECKS)?"START"= :"STOP"); +- break; +- + case CMD_START_ACCEPTING_PASSIVE_SVC_CHECKS: + case CMD_STOP_ACCEPTING_PASSIVE_SVC_CHECKS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_ACCEPTING_PA= SSIVE_SVC_CHECKS;\n",current_time,(cmd=3D=3DCMD_START_ACCEPTING_PASSIVE_SVC= _CHECKS)?"START":"STOP"); ++ result =3D cmd_submitf(cmd,""); + break; +=20 + case CMD_ENABLE_PASSIVE_SVC_CHECKS: + case CMD_DISABLE_PASSIVE_SVC_CHECKS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_PASSIVE_SVC_= CHECKS;%s;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_PASSIVE_SVC_CHECKS)?"ENAB= LE":"DISABLE",host_name,service_desc); ++ result =3D cmd_submitf(cmd,"%s;%s",host_name,service_desc); + break; +- =09 ++ + case CMD_ENABLE_EVENT_HANDLERS: + case CMD_DISABLE_EVENT_HANDLERS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_EVENT_HANDLE= RS;\n",current_time,(cmd=3D=3DCMD_ENABLE_EVENT_HANDLERS)?"ENABLE":"DISABLE"= ); ++ result =3D cmd_submitf(cmd,""); + break; +=20 + case CMD_ENABLE_SVC_EVENT_HANDLER: + case CMD_DISABLE_SVC_EVENT_HANDLER: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SVC_EVENT_HA= NDLER;%s;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_SVC_EVENT_HANDLER)?"ENABLE= ":"DISABLE",host_name,service_desc); ++ result =3D cmd_submitf(cmd,"%s;%s",host_name,service_desc); + break; +- =09 ++ + case CMD_ENABLE_HOST_EVENT_HANDLER: + case CMD_DISABLE_HOST_EVENT_HANDLER: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_EVENT_H= ANDLER;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOST_EVENT_HANDLER)?"ENABLE"= :"DISABLE",host_name); +- break; +- =09 + case CMD_ENABLE_HOST_CHECK: + case CMD_DISABLE_HOST_CHECK: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_CHECK;%= s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOST_CHECK)?"ENABLE":"DISABLE",host_= name); ++ result =3D cmd_submitf(cmd,"%s",host_name); + break; +- =09 ++ + case CMD_START_OBSESSING_OVER_SVC_CHECKS: + case CMD_STOP_OBSESSING_OVER_SVC_CHECKS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_OBSESSING_OV= ER_SVC_CHECKS;\n",current_time,(cmd=3D=3DCMD_START_OBSESSING_OVER_SVC_CHECK= S)?"START":"STOP"); ++ result =3D cmd_submitf(cmd,""); + break; +- =09 ++ + case CMD_REMOVE_HOST_ACKNOWLEDGEMENT: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] REMOVE_HOST_ACK= NOWLEDGEMENT;%s\n",current_time,host_name); ++ result =3D cmd_submitf(cmd,"%s",host_name); + break; +- =09 ++ + case CMD_REMOVE_SVC_ACKNOWLEDGEMENT: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] REMOVE_SVC_ACKN= OWLEDGEMENT;%s;%s\n",current_time,host_name,service_desc); ++ result =3D cmd_submitf(cmd,"%s;%s",host_name,service_desc); + break; +- =09 ++ + case CMD_PROCESS_SERVICE_CHECK_RESULT: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] PROCESS_SERVICE= _CHECK_RESULT;%s;%s;%d;%s|%s\n",current_time,host_name,service_desc,plugin_= state,plugin_output,performance_data); ++ result =3D cmd_submitf(cmd,"%s;%s;%d;%s|%s",host_name,service_desc,plug= in_state,plugin_output,performance_data); + break; +- =09 ++ + case CMD_PROCESS_HOST_CHECK_RESULT: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] PROCESS_HOST_CH= ECK_RESULT;%s;%d;%s|%s\n",current_time,host_name,plugin_state,plugin_output= ,performance_data); ++ result =3D cmd_submitf(cmd,"%s;%d;%s|%s",host_name,plugin_state,plugin_= output,performance_data); + break; +- =09 ++ + case CMD_SCHEDULE_HOST_DOWNTIME: + if(child_options=3D=3D1) +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_AND_P= ROPAGATE_TRIGGERED_HOST_DOWNTIME;%s;%lu;%lu;%d;%lu;%lu;%s;%s\n",current_tim= e,host_name,start_time,end_time,(fixed=3D=3DTRUE)?1:0,triggered_by,duration= ,comment_author,comment_data); ++ cmd =3D CMD_SCHEDULE_AND_PROPAGATE_TRIGGERED_HOST_DOWNTIME; + else if(child_options=3D=3D2) +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_AND_P= ROPAGATE_HOST_DOWNTIME;%s;%lu;%lu;%d;%lu;%lu;%s;%s\n",current_time,host_nam= e,start_time,end_time,(fixed=3D=3DTRUE)?1:0,triggered_by,duration,comment_a= uthor,comment_data); +- else +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_HOST_= DOWNTIME;%s;%lu;%lu;%d;%lu;%lu;%s;%s\n",current_time,host_name,start_time,e= nd_time,(fixed=3D=3DTRUE)?1:0,triggered_by,duration,comment_author,comment_= data); ++ cmd =3D CMD_SCHEDULE_AND_PROPAGATE_HOST_DOWNTIME; ++ result =3D cmd_submitf(cmd,"%s;%lu;%lu;%d;%lu;%lu;%s;%s",host_name,star= t_time,end_time,(fixed=3D=3DTRUE)?1:0,triggered_by,duration,comment_author,= comment_data); + break; +- =09 ++ + case CMD_SCHEDULE_SVC_DOWNTIME: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_SVC_DO= WNTIME;%s;%s;%lu;%lu;%d;%lu;%lu;%s;%s\n",current_time,host_name,service_des= c,start_time,end_time,(fixed=3D=3DTRUE)?1:0,triggered_by,duration,comment_a= uthor,comment_data); ++ result =3D cmd_submitf(cmd,"%s;%s;%lu;%lu;%d;%lu;%lu;%s;%s",host_name,s= ervice_desc,start_time,end_time,(fixed=3D=3DTRUE)?1:0,triggered_by,duration= ,comment_author,comment_data); + break; +- =09 ++ + case CMD_ENABLE_HOST_FLAP_DETECTION: + case CMD_DISABLE_HOST_FLAP_DETECTION: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_FLAP_DE= TECTION;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOST_FLAP_DETECTION)?"ENABL= E":"DISABLE",host_name); ++ result =3D cmd_submitf(cmd,"%s",host_name); + break; +- =09 ++ + case CMD_ENABLE_SVC_FLAP_DETECTION: + case CMD_DISABLE_SVC_FLAP_DETECTION: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SVC_FLAP_DET= ECTION;%s;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_SVC_FLAP_DETECTION)?"ENAB= LE":"DISABLE",host_name,service_desc); ++ result =3D cmd_submitf(cmd,"%s;%s",host_name,service_desc); + break; +- =09 ++ + case CMD_ENABLE_FLAP_DETECTION: + case CMD_DISABLE_FLAP_DETECTION: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_FLAP_DETECTI= ON\n",current_time,(cmd=3D=3DCMD_ENABLE_FLAP_DETECTION)?"ENABLE":"DISABLE"); ++ result =3D cmd_submitf(cmd,""); + break; +- =09 ++ + case CMD_DEL_HOST_DOWNTIME: + case CMD_DEL_SVC_DOWNTIME: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DEL_%s_DOWNTIME= ;%lu\n",current_time,(cmd=3D=3DCMD_DEL_HOST_DOWNTIME)?"HOST":"SVC",downtime= _id); ++ result =3D cmd_submitf(cmd,"%lu",downtime_id); + break; +=20 + case CMD_ENABLE_FAILURE_PREDICTION: + case CMD_DISABLE_FAILURE_PREDICTION: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_FAILURE_PRED= ICTION\n",current_time,(cmd=3D=3DCMD_ENABLE_FAILURE_PREDICTION)?"ENABLE":"D= ISABLE"); +- break; +- =09 + case CMD_ENABLE_PERFORMANCE_DATA: + case CMD_DISABLE_PERFORMANCE_DATA: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_PERFORMANCE_= DATA\n",current_time,(cmd=3D=3DCMD_ENABLE_PERFORMANCE_DATA)?"ENABLE":"DISAB= LE"); +- break; +- =09 + case CMD_START_EXECUTING_HOST_CHECKS: + case CMD_STOP_EXECUTING_HOST_CHECKS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_EXECUTING_HO= ST_CHECKS;\n",current_time,(cmd=3D=3DCMD_START_EXECUTING_HOST_CHECKS)?"STAR= T":"STOP"); +- break; +- + case CMD_START_ACCEPTING_PASSIVE_HOST_CHECKS: + case CMD_STOP_ACCEPTING_PASSIVE_HOST_CHECKS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_ACCEPTING_PA= SSIVE_HOST_CHECKS;\n",current_time,(cmd=3D=3DCMD_START_ACCEPTING_PASSIVE_HO= ST_CHECKS)?"START":"STOP"); ++ result =3D cmd_submitf(cmd,""); + break; +=20 + case CMD_ENABLE_PASSIVE_HOST_CHECKS: + case CMD_DISABLE_PASSIVE_HOST_CHECKS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_PASSIVE_HOST= _CHECKS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_PASSIVE_HOST_CHECKS)?"ENABL= E":"DISABLE",host_name); ++ result =3D cmd_submitf(cmd,"%s",host_name); + break; +=20 + case CMD_START_OBSESSING_OVER_HOST_CHECKS: + case CMD_STOP_OBSESSING_OVER_HOST_CHECKS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_OBSESSING_OV= ER_HOST_CHECKS;\n",current_time,(cmd=3D=3DCMD_START_OBSESSING_OVER_HOST_CHE= CKS)?"START":"STOP"); ++ result =3D cmd_submitf(cmd,""); + break; +=20 + case CMD_SCHEDULE_HOST_CHECK: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_%sHOST= _CHECK;%s;%lu\n",current_time,(force_check=3D=3DTRUE)?"FORCED_":"",host_nam= e,start_time); ++ if (force_check=3D=3DTRUE) ++ cmd =3D CMD_SCHEDULE_FORCED_HOST_CHECK; ++ result =3D cmd_submitf(cmd,"%s;%lu",host_name,start_time); + break; +=20 + case CMD_START_OBSESSING_OVER_SVC: + case CMD_STOP_OBSESSING_OVER_SVC: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_OBSESSING_OV= ER_SVC;%s;%s\n",current_time,(cmd=3D=3DCMD_START_OBSESSING_OVER_SVC)?"START= ":"STOP",host_name,service_desc); ++ result =3D cmd_submitf(cmd,"%s;%s",host_name,service_desc); + break; +=20 + case CMD_START_OBSESSING_OVER_HOST: + case CMD_STOP_OBSESSING_OVER_HOST: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_OBSESSING_OV= ER_HOST;%s\n",current_time,(cmd=3D=3DCMD_START_OBSESSING_OVER_HOST)?"START"= :"STOP",host_name); ++ result =3D cmd_submitf(cmd,"%s",host_name); + break; +=20 +=20 +@@ -2084,34 +2092,31 @@ int commit_command(int cmd){ +=20 + case CMD_ENABLE_HOSTGROUP_SVC_NOTIFICATIONS: + case CMD_DISABLE_HOSTGROUP_SVC_NOTIFICATIONS: +- if(affect_host_and_services=3D=3DFALSE) +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOSTGROUP_S= VC_NOTIFICATIONS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOSTGROUP_SVC_NOTI= FICATIONS)?"ENABLE":"DISABLE",hostgroup_name); +- else +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOSTGROUP_S= VC_NOTIFICATIONS;%s\n[%lu] %s_HOSTGROUP_HOST_NOTIFICATIONS;%s\n",current_ti= me,(cmd=3D=3DCMD_ENABLE_HOSTGROUP_SVC_NOTIFICATIONS)?"ENABLE":"DISABLE",hos= tgroup_name,current_time,(cmd=3D=3DCMD_ENABLE_HOSTGROUP_SVC_NOTIFICATIONS)?= "ENABLE":"DISABLE",hostgroup_name); ++ result =3D cmd_submitf(cmd,"%s",hostgroup_name); ++ if(affect_host_and_services=3D=3DTRUE) ++ result |=3D cmd_submitf((cmd=3D=3DCMD_ENABLE_HOSTGROUP_SVC_NOTIFICATIO= NS?CMD_ENABLE_HOSTGROUP_HOST_NOTIFICATIONS:CMD_DISABLE_HOSTGROUP_HOST_NOTIF= ICATIONS),"%s",hostgroup_name); + break; +=20 + case CMD_ENABLE_HOSTGROUP_HOST_NOTIFICATIONS: + case CMD_DISABLE_HOSTGROUP_HOST_NOTIFICATIONS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOSTGROUP_HO= ST_NOTIFICATIONS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOSTGROUP_HOST_NOT= IFICATIONS)?"ENABLE":"DISABLE",hostgroup_name); ++ result =3D cmd_submitf(cmd,"%s",hostgroup_name); + break; +=20 + case CMD_ENABLE_HOSTGROUP_SVC_CHECKS: + case CMD_DISABLE_HOSTGROUP_SVC_CHECKS: +- if(affect_host_and_services=3D=3DFALSE) +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOSTGROUP_S= VC_CHECKS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_HOSTGROUP_SVC_CHECKS)?"EN= ABLE":"DISABLE",hostgroup_name); +- else +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOSTGROUP_S= VC_CHECKS;%s\n[%lu] %s_HOSTGROUP_HOST_CHECKS;%s\n",current_time,(cmd=3D=3DC= MD_ENABLE_HOSTGROUP_SVC_CHECKS)?"ENABLE":"DISABLE",hostgroup_name,current_t= ime,(cmd=3D=3DCMD_ENABLE_HOSTGROUP_SVC_CHECKS)?"ENABLE":"DISABLE",hostgroup= _name); ++ result =3D cmd_submitf(cmd,"%s",hostgroup_name); ++ if(affect_host_and_services=3D=3DTRUE) ++ result |=3D cmd_submitf((cmd=3D=3DCMD_ENABLE_HOSTGROUP_SVC_CHECKS?CMD_= ENABLE_HOSTGROUP_HOST_CHECKS:CMD_DISABLE_HOSTGROUP_HOST_CHECKS),"%s",hostgr= oup_name); + break; +=20 + case CMD_SCHEDULE_HOSTGROUP_HOST_DOWNTIME: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_HOSTGR= OUP_HOST_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n",current_time,hostgroup_name,= start_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,comment_d= ata); ++ result =3D cmd_submitf(cmd,"%s;%lu;%lu;%d;0;%lu;%s;%s",hostgroup_name,s= tart_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,comment_da= ta); + break; +=20 + case CMD_SCHEDULE_HOSTGROUP_SVC_DOWNTIME: +- if(affect_host_and_services=3D=3DFALSE) +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_HOSTG= ROUP_SVC_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n",current_time,hostgroup_name,= start_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,comment_d= ata); +- else +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_HOSTG= ROUP_SVC_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n[%lu] SCHEDULE_HOSTGROUP_HOST_= DOWNTIME;%s;%lu;%lu;%d;%lu;%s;%s\n",current_time,hostgroup_name,start_time,= end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,comment_data,current= _time,hostgroup_name,start_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,com= ment_author,comment_data); ++ result =3D cmd_submitf(cmd,"%s;%lu;%lu;%d;0;%lu;%s;%s",hostgroup_name,s= tart_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,comment_da= ta); ++ if(affect_host_and_services=3D=3DTRUE) ++ result |=3D cmd_submitf(CMD_SCHEDULE_HOSTGROUP_HOST_DOWNTIME,"%s;%lu;%= lu;%d;%lu;%s;%s",hostgroup_name,start_time,end_time,(fixed=3D=3DTRUE)?1:0,d= uration,comment_author,comment_data); + break; +=20 +=20 +@@ -2119,34 +2124,31 @@ int commit_command(int cmd){ +=20 + case CMD_ENABLE_SERVICEGROUP_SVC_NOTIFICATIONS: + case CMD_DISABLE_SERVICEGROUP_SVC_NOTIFICATIONS: +- if(affect_host_and_services=3D=3DFALSE) +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SERVICEGROU= P_SVC_NOTIFICATIONS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_SERVICEGROUP_SV= C_NOTIFICATIONS)?"ENABLE":"DISABLE",servicegroup_name); +- else +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SERVICEGROU= P_SVC_NOTIFICATIONS;%s\n[%lu] %s_SERVICEGROUP_HOST_NOTIFICATIONS;%s\n",curr= ent_time,(cmd=3D=3DCMD_ENABLE_SERVICEGROUP_SVC_NOTIFICATIONS)?"ENABLE":"DIS= ABLE",servicegroup_name,current_time,(cmd=3D=3DCMD_ENABLE_SERVICEGROUP_SVC_= NOTIFICATIONS)?"ENABLE":"DISABLE",servicegroup_name); ++ result =3D cmd_submitf(cmd,"%s",servicegroup_name); ++ if(affect_host_and_services=3D=3DTRUE) ++ result |=3D cmd_submitf((cmd=3D=3DCMD_ENABLE_SERVICEGROUP_SVC_NOTIFICA= TIONS?CMD_ENABLE_SERVICEGROUP_HOST_NOTIFICATIONS:CMD_DISABLE_SERVICEGROUP_H= OST_NOTIFICATIONS),"%s",servicegroup_name); + break; +=20 + case CMD_ENABLE_SERVICEGROUP_HOST_NOTIFICATIONS: + case CMD_DISABLE_SERVICEGROUP_HOST_NOTIFICATIONS: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SERVICEGROUP= _HOST_NOTIFICATIONS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_SERVICEGROUP_HO= ST_NOTIFICATIONS)?"ENABLE":"DISABLE",servicegroup_name); ++ result =3D cmd_submitf(cmd,"%s",servicegroup_name); + break; +=20 + case CMD_ENABLE_SERVICEGROUP_SVC_CHECKS: + case CMD_DISABLE_SERVICEGROUP_SVC_CHECKS: +- if(affect_host_and_services=3D=3DFALSE) +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SERVICEGROU= P_SVC_CHECKS;%s\n",current_time,(cmd=3D=3DCMD_ENABLE_SERVICEGROUP_SVC_CHECK= S)?"ENABLE":"DISABLE",servicegroup_name); +- else +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SERVICEGROU= P_SVC_CHECKS;%s\n[%lu] %s_SERVICEGROUP_HOST_CHECKS;%s\n",current_time,(cmd= =3D=3DCMD_ENABLE_SERVICEGROUP_SVC_CHECKS)?"ENABLE":"DISABLE",servicegroup_n= ame,current_time,(cmd=3D=3DCMD_ENABLE_SERVICEGROUP_SVC_CHECKS)?"ENABLE":"DI= SABLE",servicegroup_name); ++ result =3D cmd_submitf(cmd,"%s",servicegroup_name); ++ if(affect_host_and_services=3D=3DTRUE) ++ result |=3D cmd_submitf((cmd=3D=3DCMD_ENABLE_SERVICEGROUP_SVC_CHECKS?C= MD_ENABLE_SERVICEGROUP_HOST_CHECKS:CMD_DISABLE_SERVICEGROUP_HOST_CHECKS),"%= s",servicegroup_name); + break; +=20 + case CMD_SCHEDULE_SERVICEGROUP_HOST_DOWNTIME: +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_SERVIC= EGROUP_HOST_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n",current_time,servicegroup= _name,start_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,com= ment_data); ++ result =3D cmd_submitf(cmd,"%s;%lu;%lu;%d;0;%lu;%s;%s",servicegroup_nam= e,start_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,comment= _data); + break; +=20 + case CMD_SCHEDULE_SERVICEGROUP_SVC_DOWNTIME: +- if(affect_host_and_services=3D=3DFALSE) +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_SERVI= CEGROUP_SVC_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n",current_time,servicegroup= _name,start_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,com= ment_data); +- else +- snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_SERVI= CEGROUP_SVC_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n[%lu] SCHEDULE_SERVICEGROUP= _HOST_DOWNTIME;%s;%lu;%lu;%d;%lu;%s;%s\n",current_time,servicegroup_name,st= art_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,comment_dat= a,current_time,servicegroup_name,start_time,end_time,(fixed=3D=3DTRUE)?1:0,= duration,comment_author,comment_data); ++ result =3D cmd_submitf(cmd,"%s;%lu;%lu;%d;0;%lu;%s;%s",servicegroup_nam= e,start_time,end_time,(fixed=3D=3DTRUE)?1:0,duration,comment_author,comment= _data); ++ if(affect_host_and_services=3D=3DTRUE) ++ result |=3D cmd_submitf(CMD_SCHEDULE_SERVICEGROUP_HOST_DOWNTIME,"%s;%l= u;%lu;%d;%lu;%s;%s",servicegroup_name,start_time,end_time,(fixed=3D=3DTRUE)= ?1:0,duration,comment_author,comment_data); + break; +=20 + default: +@@ -2154,12 +2156,6 @@ int commit_command(int cmd){ + break; + } +=20 +- /* make sure command buffer is terminated */ +- command_buffer[sizeof(command_buffer)-1]=3D'\x0'; +- +- /* write the command to the command file */ +- result=3Dwrite_command_to_file(command_buffer); +- + return result; + } +=20 +@@ -2170,6 +2166,14 @@ int write_command_to_file(char *cmd){ + FILE *fp; + struct stat statbuf; +=20 ++ /* ++ * Commands are not allowed to have newlines in them, as ++ * that allows malicious users to hand-craft requests that ++ * bypass the access-restrictions. ++ */ ++ if (!cmd || !*cmd || strchr(cmd, '\n')) ++ return ERROR; ++ + /* bail out if the external command file doesn't exist */ + if(stat(command_file,&statbuf)){ +=20 +@@ -2202,7 +2206,7 @@ int write_command_to_file(char *cmd){ + } +=20 + /* write the command to file */ +- fputs(cmd,fp); ++ fprintf(fp, "%s\n", cmd); +=20 + /* flush buffer */ + fflush(fp); +@@ -2728,3 +2732,182 @@ int string_to_time(char *buffer, time_t *t){ +=20 + return OK; + } ++ ++/* From Nagios 3.0.5, cgi/extcmd_list.c */ ++ ++#include ++#include ++#include ++#include "../include/common.h" ++ ++struct nagios_extcmd { ++ const char *name; ++ int id; ++/* size_t namelen; ++ int min_args; ++ int (*handler)(struct nagios_extcmd *, int, char **); ++ struct nagios_extcmd *next_handler; ++ */ ++}; ++ ++#define CMD_DEF(name, min_args, handler) \ ++ { #name, CMD_ ## name } ++/* { #name, sizeof(#name) - 1, CMD_ ## name, min_args, handler, NULL } */ ++struct nagios_extcmd in_core_commands[] =3D ++{ ++ CMD_DEF(NONE, 0, NULL), ++ CMD_DEF(ADD_HOST_COMMENT, 0, NULL), ++ CMD_DEF(DEL_HOST_COMMENT, 0, NULL), ++ CMD_DEF(ADD_SVC_COMMENT, 0, NULL), ++ CMD_DEF(DEL_SVC_COMMENT, 0, NULL), ++ CMD_DEF(ENABLE_SVC_CHECK, 0, NULL), ++ CMD_DEF(DISABLE_SVC_CHECK, 0, NULL), ++ CMD_DEF(SCHEDULE_SVC_CHECK, 0, NULL), ++ CMD_DEF(DELAY_SVC_NOTIFICATION, 0, NULL), ++ CMD_DEF(DELAY_HOST_NOTIFICATION, 0, NULL), ++ CMD_DEF(DISABLE_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(ENABLE_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(RESTART_PROCESS, 0, NULL), ++ CMD_DEF(SHUTDOWN_PROCESS, 0, NULL), ++ CMD_DEF(ENABLE_HOST_SVC_CHECKS, 0, NULL), ++ CMD_DEF(DISABLE_HOST_SVC_CHECKS, 0, NULL), ++ CMD_DEF(SCHEDULE_HOST_SVC_CHECKS, 0, NULL), ++ CMD_DEF(DELAY_HOST_SVC_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(DEL_ALL_HOST_COMMENTS, 0, NULL), ++ CMD_DEF(DEL_ALL_SVC_COMMENTS, 0, NULL), ++ CMD_DEF(ENABLE_SVC_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(DISABLE_SVC_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(ENABLE_HOST_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(DISABLE_HOST_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(ENABLE_ALL_NOTIFICATIONS_BEYOND_HOST, 0, NULL), ++ CMD_DEF(DISABLE_ALL_NOTIFICATIONS_BEYOND_HOST, 0, NULL), ++ CMD_DEF(ENABLE_HOST_SVC_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(DISABLE_HOST_SVC_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(PROCESS_SERVICE_CHECK_RESULT, 0, NULL), ++ CMD_DEF(SAVE_STATE_INFORMATION, 0, NULL), ++ CMD_DEF(READ_STATE_INFORMATION, 0, NULL), ++ CMD_DEF(ACKNOWLEDGE_HOST_PROBLEM, 0, NULL), ++ CMD_DEF(ACKNOWLEDGE_SVC_PROBLEM, 0, NULL), ++ CMD_DEF(START_EXECUTING_SVC_CHECKS, 0, NULL), ++ CMD_DEF(STOP_EXECUTING_SVC_CHECKS, 0, NULL), ++ CMD_DEF(START_ACCEPTING_PASSIVE_SVC_CHECKS, 0, NULL), ++ CMD_DEF(STOP_ACCEPTING_PASSIVE_SVC_CHECKS, 0, NULL), ++ CMD_DEF(ENABLE_PASSIVE_SVC_CHECKS, 0, NULL), ++ CMD_DEF(DISABLE_PASSIVE_SVC_CHECKS, 0, NULL), ++ CMD_DEF(ENABLE_EVENT_HANDLERS, 0, NULL), ++ CMD_DEF(DISABLE_EVENT_HANDLERS, 0, NULL), ++ CMD_DEF(ENABLE_HOST_EVENT_HANDLER, 0, NULL), ++ CMD_DEF(DISABLE_HOST_EVENT_HANDLER, 0, NULL), ++ CMD_DEF(ENABLE_SVC_EVENT_HANDLER, 0, NULL), ++ CMD_DEF(DISABLE_SVC_EVENT_HANDLER, 0, NULL), ++ CMD_DEF(ENABLE_HOST_CHECK, 0, NULL), ++ CMD_DEF(DISABLE_HOST_CHECK, 0, NULL), ++ CMD_DEF(START_OBSESSING_OVER_SVC_CHECKS, 0, NULL), ++ CMD_DEF(STOP_OBSESSING_OVER_SVC_CHECKS, 0, NULL), ++ CMD_DEF(REMOVE_HOST_ACKNOWLEDGEMENT, 0, NULL), ++ CMD_DEF(REMOVE_SVC_ACKNOWLEDGEMENT, 0, NULL), ++ CMD_DEF(SCHEDULE_FORCED_HOST_SVC_CHECKS, 0, NULL), ++ CMD_DEF(SCHEDULE_FORCED_SVC_CHECK, 0, NULL), ++ CMD_DEF(SCHEDULE_HOST_DOWNTIME, 0, NULL), ++ CMD_DEF(SCHEDULE_SVC_DOWNTIME, 0, NULL), ++ CMD_DEF(ENABLE_HOST_FLAP_DETECTION, 0, NULL), ++ CMD_DEF(DISABLE_HOST_FLAP_DETECTION, 0, NULL), ++ CMD_DEF(ENABLE_SVC_FLAP_DETECTION, 0, NULL), ++ CMD_DEF(DISABLE_SVC_FLAP_DETECTION, 0, NULL), ++ CMD_DEF(ENABLE_FLAP_DETECTION, 0, NULL), ++ CMD_DEF(DISABLE_FLAP_DETECTION, 0, NULL), ++ CMD_DEF(ENABLE_HOSTGROUP_SVC_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(DISABLE_HOSTGROUP_SVC_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(ENABLE_HOSTGROUP_HOST_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(DISABLE_HOSTGROUP_HOST_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(ENABLE_HOSTGROUP_SVC_CHECKS, 0, NULL), ++ CMD_DEF(DISABLE_HOSTGROUP_SVC_CHECKS, 0, NULL), ++ CMD_DEF(CANCEL_HOST_DOWNTIME, 0, NULL), ++ CMD_DEF(CANCEL_SVC_DOWNTIME, 0, NULL), ++ CMD_DEF(CANCEL_ACTIVE_HOST_DOWNTIME, 0, NULL), ++ CMD_DEF(CANCEL_PENDING_HOST_DOWNTIME, 0, NULL), ++ CMD_DEF(CANCEL_ACTIVE_SVC_DOWNTIME, 0, NULL), ++ CMD_DEF(CANCEL_PENDING_SVC_DOWNTIME, 0, NULL), ++ CMD_DEF(CANCEL_ACTIVE_HOST_SVC_DOWNTIME, 0, NULL), ++ CMD_DEF(CANCEL_PENDING_HOST_SVC_DOWNTIME, 0, NULL), ++ CMD_DEF(FLUSH_PENDING_COMMANDS, 0, NULL), ++ CMD_DEF(DEL_HOST_DOWNTIME, 0, NULL), ++ CMD_DEF(DEL_SVC_DOWNTIME, 0, NULL), ++ CMD_DEF(ENABLE_FAILURE_PREDICTION, 0, NULL), ++ CMD_DEF(DISABLE_FAILURE_PREDICTION, 0, NULL), ++ CMD_DEF(ENABLE_PERFORMANCE_DATA, 0, NULL), ++ CMD_DEF(DISABLE_PERFORMANCE_DATA, 0, NULL), ++ CMD_DEF(SCHEDULE_HOSTGROUP_HOST_DOWNTIME, 0, NULL), ++ CMD_DEF(SCHEDULE_HOSTGROUP_SVC_DOWNTIME, 0, NULL), ++ CMD_DEF(SCHEDULE_HOST_SVC_DOWNTIME, 0, NULL), ++ CMD_DEF(PROCESS_HOST_CHECK_RESULT, 0, NULL), ++ CMD_DEF(START_EXECUTING_HOST_CHECKS, 0, NULL), ++ CMD_DEF(STOP_EXECUTING_HOST_CHECKS, 0, NULL), ++ CMD_DEF(START_ACCEPTING_PASSIVE_HOST_CHECKS, 0, NULL), ++ CMD_DEF(STOP_ACCEPTING_PASSIVE_HOST_CHECKS, 0, NULL), ++ CMD_DEF(ENABLE_PASSIVE_HOST_CHECKS, 0, NULL), ++ CMD_DEF(DISABLE_PASSIVE_HOST_CHECKS, 0, NULL), ++ CMD_DEF(START_OBSESSING_OVER_HOST_CHECKS, 0, NULL), ++ CMD_DEF(STOP_OBSESSING_OVER_HOST_CHECKS, 0, NULL), ++ CMD_DEF(SCHEDULE_HOST_CHECK, 0, NULL), ++ CMD_DEF(SCHEDULE_FORCED_HOST_CHECK, 0, NULL), ++ CMD_DEF(START_OBSESSING_OVER_SVC, 0, NULL), ++ CMD_DEF(STOP_OBSESSING_OVER_SVC, 0, NULL), ++ CMD_DEF(START_OBSESSING_OVER_HOST, 0, NULL), ++ CMD_DEF(STOP_OBSESSING_OVER_HOST, 0, NULL), ++ CMD_DEF(ENABLE_HOSTGROUP_HOST_CHECKS, 0, NULL), ++ CMD_DEF(DISABLE_HOSTGROUP_HOST_CHECKS, 0, NULL), ++ CMD_DEF(ENABLE_HOSTGROUP_PASSIVE_SVC_CHECKS, 0, NULL), ++ CMD_DEF(DISABLE_HOSTGROUP_PASSIVE_SVC_CHECKS, 0, NULL), ++ CMD_DEF(ENABLE_HOSTGROUP_PASSIVE_HOST_CHECKS, 0, NULL), ++ CMD_DEF(DISABLE_HOSTGROUP_PASSIVE_HOST_CHECKS, 0, NULL), ++ CMD_DEF(ENABLE_SERVICEGROUP_SVC_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(DISABLE_SERVICEGROUP_SVC_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(ENABLE_SERVICEGROUP_HOST_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(DISABLE_SERVICEGROUP_HOST_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(ENABLE_SERVICEGROUP_SVC_CHECKS, 0, NULL), ++ CMD_DEF(DISABLE_SERVICEGROUP_SVC_CHECKS, 0, NULL), ++ CMD_DEF(ENABLE_SERVICEGROUP_HOST_CHECKS, 0, NULL), ++ CMD_DEF(DISABLE_SERVICEGROUP_HOST_CHECKS, 0, NULL), ++ CMD_DEF(ENABLE_SERVICEGROUP_PASSIVE_SVC_CHECKS, 0, NULL), ++ CMD_DEF(DISABLE_SERVICEGROUP_PASSIVE_SVC_CHECKS, 0, NULL), ++ CMD_DEF(ENABLE_SERVICEGROUP_PASSIVE_HOST_CHECKS, 0, NULL), ++ CMD_DEF(DISABLE_SERVICEGROUP_PASSIVE_HOST_CHECKS, 0, NULL), ++ CMD_DEF(SCHEDULE_SERVICEGROUP_HOST_DOWNTIME, 0, NULL), ++ CMD_DEF(SCHEDULE_SERVICEGROUP_SVC_DOWNTIME, 0, NULL), ++ CMD_DEF(CHANGE_NORMAL_HOST_CHECK_INTERVAL, 0, NULL), ++ CMD_DEF(CHANGE_NORMAL_SVC_CHECK_INTERVAL, 0, NULL), ++ CMD_DEF(CHANGE_RETRY_SVC_CHECK_INTERVAL, 0, NULL), ++ CMD_DEF(CHANGE_MAX_HOST_CHECK_ATTEMPTS, 0, NULL), ++ CMD_DEF(CHANGE_MAX_SVC_CHECK_ATTEMPTS, 0, NULL), ++ CMD_DEF(SCHEDULE_AND_PROPAGATE_TRIGGERED_HOST_DOWNTIME, 0, NULL), ++ CMD_DEF(ENABLE_HOST_AND_CHILD_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(DISABLE_HOST_AND_CHILD_NOTIFICATIONS, 0, NULL), ++ CMD_DEF(SCHEDULE_AND_PROPAGATE_HOST_DOWNTIME, 0, NULL), ++ CMD_DEF(ENABLE_SERVICE_FRESHNESS_CHECKS, 0, NULL), ++ CMD_DEF(DISABLE_SERVICE_FRESHNESS_CHECKS, 0, NULL), ++ CMD_DEF(ENABLE_HOST_FRESHNESS_CHECKS, 0, NULL), ++ CMD_DEF(DISABLE_HOST_FRESHNESS_CHECKS, 0, NULL), ++ CMD_DEF(SET_HOST_NOTIFICATION_NUMBER, 0, NULL), ++ CMD_DEF(SET_SVC_NOTIFICATION_NUMBER, 0, NULL), ++}; ++#undef CMD_DEF ++ ++#ifndef ARRAY_SIZE ++# define ARRAY_SIZE(x) (sizeof(x) / sizeof(x[0])) ++#endif ++static int extcmd_entries, extcmd_slots; ++ ++const char *extcmd_get_name(int id) ++{ ++ int i; ++ ++ for (i =3D 0; i < ARRAY_SIZE(in_core_commands); i++) { ++ struct nagios_extcmd *ecmd; ++ ecmd =3D &in_core_commands[i]; ++ if (ecmd->id =3D=3D id) ++ return ecmd->name; ++ } ++ ++ return NULL; ++} +diff --git a/include/common.h b/include/common.h +index 8f4d3cd..d4be718 100644 +--- include/common.h ++++ include/common.h +@@ -383,6 +383,7 @@ + #define MAX_COMMAND_BUFFER 8192 /* max length of = raw or processed command line */ +=20 + #define MAX_DATETIME_LENGTH 48 ++#define MAX_EXTERNAL_COMMAND_LENGTH 8192 +=20 +=20 + /************************* MODIFIED ATTRIBUTES **************************/ +--=20 +1.6.0.4 + --=20 1.6.0.4 --- backport-fixes-for-CVE-2008-5027.5028.diff ends here --- --=20 Eygene _ ___ _.--. # \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard / ' ` , __.--' # to read the on-line manual =20 )/' _/ \ `-_, / # while single-stepping the kernel. `-'" `"\_ ,_.-;_.-\_ ', fsc/as # _.-'_./ {_.' ; / # -- FreeBSD Developers handbook=20 {_.-``-' {_/ # --FCuugMFkClbJLl1L Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkk/yQkACgkQthUKNsbL7Yg/JACfcWrB9cDVEO+6ELFAb0C3+0zm PDYAnRr6LRP9cMj0LvV65mI+SOwPJJHb =slkF -----END PGP SIGNATURE----- --FCuugMFkClbJLl1L--