Re: [Nagios-devel] Double escaping in $ARGx$
Posted: Wed Sep 16, 2009 8:17 pm
--Apple-Mail-139--49285596
Content-Type: text/plain;
charset=US-ASCII;
format=flowed;
delsp=yes
Content-Transfer-Encoding: 7bit
On 16 Sep 2009, at 20:17, Hiren Patel wrote:
> Ton Voon wrote:
>> Andreas' suggestion about checking for shell characters and using
>> an execv method for non-shell commands is captured here: http://tracker.nagios.org/view.php?id=86
>
> please see if the attached diffs are acceptable for the function
> checking for meta characters, I may pick this up to work on as I
> find it interesting.
>
>
> --- nagios.h 2008-12-14 16:52:23.000000000 +0200
> +++ /tmp/nagios.h 2009-09-16 21:10:18.000000000 +0200
> @@ -807,6 +807,7 @@
>
> char *get_program_version(void);
> char *get_program_modification_date(void);
> +int has_shell_metachars(const char *);
>
> mmapfile *mmap_fopen(char *); /* open a file read-only via mmap()
> */
> int mmap_fclose(mmapfile *);
> --- utils.c 2009-08-11 19:29:52.000000000 +0200
> +++ /tmp/utils.c 2009-09-16 21:06:05.000000000 +0200
> @@ -4589,7 +4589,12 @@
> return (char *)PROGRAM_MODIFICATION_DATE;
> }
>
> -
> +int has_shell_metachars(const char *s){
> + if (strpbrk(s,"!$^&*()~[]\\|{};? \t"))
> + return 1;
> + else
> + return 0;
> +}
>
> /******************************************************************/
> /*********************** CLEANUP FUNCTIONS ************************/
Hi Hiren,
Looks okay, but single quote looks missing. Can you add some tap
tests? Some example commands, and whether has_shell_metachars returns
the expected value would be great.
http://wiki.nagios.org/index.php/Nagios ... es#Testing
You'll need to do some tests in t-tap. Might be tricky to setup
because there's nothing yet for testing utils.c
Ton
--Apple-Mail-139--49285596
Content-Type: text/html;
charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
On 16 Sep 2009, =
at 20:17, Hiren Patel wrote:Ton Voon =
wrote:Andreas' suggestion about checking =
for shell characters and using an execv method for non-shell =
commands is captured here: http://tracker.nagios.=
org/view.php?id=3D86please see if the attached =
diffs are acceptable for the function checking for meta characters, I =
may pick this up to work on as I find it interesting.--- =
nagios.h =
2008-12-14 16:52:23.000000000 +0200+++ /tmp/nagios.h =
2009-09-16 21:10:18.000000000 +0200@@ -807,6 +807,7 =
@@ char *get_program_version(void); char =
*get_program_modification_date(void);+int has_shell_metachars(const =
char *); mmapfile *mmap_fopen(char *); /* open a =
file read-only via mmap() */ int mmap_fclose(mmapfile *);--- =
utils.c =
2009-08-11 19:29:52.000000000 +0200+++ /tmp/utils.c =
2009-09-16 21:06:05.000000000 +0200@@ -4589,7 +4589,12 @@ =
=
return (char *)PROGRAM_MODIFICATION_DATE; =
}-+int =
has_shell_metachars(const char *s){+ if =
(strpbrk(s,"!$^&*()~[]\\|{};<>? \t"))+ </
...[email truncated]...
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]