This is a multi-part message in MIME format.
--------------040704020200070005020201
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Ton Voon wrote:
>
> Andreas' suggestion about checking for shell characters and using an
> execv method for non-shell commands is captured here: http://tracker.nagios.org/view.php?id=86
>
please see if the attached diffs are acceptable for the function
checking for meta characters, I may pick this up to work on as I find it
interesting.
> Thomas' suggestion about a new way of defining a check command to
> force it to use the execv method is here: http://tracker.nagios.org/view.php?id=87
>
> I'm not planning on doing either of these at the moment, so I'll leave
> it for someone else to pick up.
>
--------------040704020200070005020201
Content-Type: text/x-patch;
name="nagios.h.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="nagios.h.diff"
--- nagios.h 2008-12-14 16:52:23.000000000 +0200
+++ /tmp/nagios.h 2009-09-16 21:10:18.000000000 +0200
@@ -807,6 +807,7 @@
char *get_program_version(void);
char *get_program_modification_date(void);
+int has_shell_metachars(const char *);
mmapfile *mmap_fopen(char *); /* open a file read-only via mmap() */
int mmap_fclose(mmapfile *);
--------------040704020200070005020201
Content-Type: text/x-patch;
name="utils.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="utils.diff"
--- utils.c 2009-08-11 19:29:52.000000000 +0200
+++ /tmp/utils.c 2009-09-16 21:06:05.000000000 +0200
@@ -4589,7 +4589,12 @@
return (char *)PROGRAM_MODIFICATION_DATE;
}
-
+int has_shell_metachars(const char *s){
+ if (strpbrk(s,"!$^&*()~[]\\|{};? \t"))
+ return 1;
+ else
+ return 0;
+}
/******************************************************************/
/*********************** CLEANUP FUNCTIONS ************************/
--------------040704020200070005020201--
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]