--bg08WKrSYDhXBjb5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Dear Folks,
I think Nagios 2.0b1 needs this patch is needed to ensure that illegal
characters from macros used in notify command do not confuse the shell
when it comes to execute the macro substitued notify command.
For example, my employer's Nag checks CGIs that require '&'
in the query_strings.
When such a check fails it usually outputs the failed request -
including the '&' characters.
If in addition, the quoting of the macros breaks down - because the
plugin output also contains '"" characters, the notify command will
fail.
I am not sure if this isn't better done in the get_macro_ functions, but
this seems to work for me (in production for about 5 minutes now ...)
Yours sincerely.
--
Stanley Hopcroft
IP Australia
Ph: (02) 6283 3189 Fax: (02) 6281 1353
PO Box 200 Woden ACT 2606
http://www.ipaustralia.gov.au
--bg08WKrSYDhXBjb5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="SMH001-Nag-2.0b1-clean_illegal_chars.pat"
diff -r -u nagios-2.0b1-remove-perl_run-hack/base/utils.c nagios-2.0b1.dist/base/utils.c
--- nagios-2.0b1-remove-perl_run-hack/base/utils.c Fri Feb 4 23:23:14 2005
+++ nagios-2.0b1.dist/base/utils.c Thu Dec 9 17:48:33 2004
@@ -237,9 +237,7 @@
int user_index=0;
int address_index=0;
char *selected_macro=NULL;
- char *selected_macro_name=NULL;
int clean_macro=FALSE;
- char *p;
#ifdef DEBUG0
printf("process_macros() start\n");
@@ -290,26 +288,10 @@
continue;
if(!strcmp(temp_buffer,macro_x_names[x])){
selected_macro=macro_x[x];
- selected_macro_name=macro_x_names[x];
break;
}
}
- /* some macros are cleaned... */
- if (selected_macro_name!=NULL) {
- if (strstr(selected_macro_name, "OUTPUT"))
- clean_macro=TRUE;
- else if (strstr(selected_macro_name, "PERFDATA"))
- clean_macro=TRUE;
- else if (strstr(selected_macro_name, "ACKAUTHOR"))
- clean_macro=TRUE;
- else if (strstr(selected_macro_name, "ACKCOMMENT"))
- clean_macro=TRUE;
- else
- /* others are not cleaned */
- clean_macro=FALSE;
- }
-
/* we already have a macro... */
if(selected_macro!=NULL)
x=0;
@@ -380,6 +362,7 @@
if(options & URL_ENCODE_MACRO_CHARS)
selected_macro=get_url_encoded_string(selected_macro);
+ /* some macros are cleaned... */
if(clean_macro==TRUE)
strncat(output_buffer,(selected_macro==NULL)?"":clean_macro_chars(selected_macro,options),buffer_length-strlen(output_buffer)-1);
@@ -3953,11 +3936,6 @@
if(macro==NULL)
return "";
-#ifdef DEBUG4
- printf("\tEntering utils.c/clean_macro_chars.\n");
- printf("\tMacro value before cleaning: \"%s\"\n", macro);
-#endif
-
len=(int)strlen(macro);
/* strip illegal characters out of macro */
@@ -3999,12 +3977,6 @@
}
#endif
-#ifdef DEBUG4
- printf("\tLeaving utils.c/clean_macro_chars.\n");
- printf("\tMacro value after cleaning: \"%s\"\n", macro);
-#endif
-
-
return macro;
}
--bg08WKrSYDhXBjb5
Content-Type: text/plain; name="disclaimer.txt"
Content-Disposition: inline; filename="disclaimer.txt"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Mailer: MIME-tools 5.415 (Entity 5.415)
--
This message contains privileged and confidential information only
for use by the intended recipient. If you are not the intended
recipient of this message, you must not disseminate, copy or use
it in any manner. If you have received this message in error,
please advise the sender by reply e-mail. Please ensure all
e-mail attachments are scanned for viruses prior to opening or
using.
--bg08WKrSYDhXBjb5--
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]