diff options
| author | Simon Frankenberger <simon-alpine@fraho.eu> | 2021-04-22 07:53:45 +0200 |
|---|---|---|
| committer | Rasmus Thomsen <oss@cogitri.dev> | 2021-04-22 08:37:39 +0000 |
| commit | 553b52b33f4111f77c68ac4f2d42c6763e561527 (patch) | |
| tree | dbd04b699d8982efb3782592142883a1135ad745 | |
| parent | 23264eee1a17fa72eab7a757c9d6aca9055f72a1 (diff) | |
main/nagios-plugins: fix use-after-free in check_mysql_query
| -rw-r--r-- | main/nagios-plugins/APKBUILD | 4 | ||||
| -rw-r--r-- | main/nagios-plugins/check_mysql_query-fix-use-after-free.patch | 33 |
2 files changed, 36 insertions, 1 deletions
diff --git a/main/nagios-plugins/APKBUILD b/main/nagios-plugins/APKBUILD index 98844f262a6..eccb7ef7d47 100644 --- a/main/nagios-plugins/APKBUILD +++ b/main/nagios-plugins/APKBUILD @@ -4,7 +4,7 @@ # Maintainer: Jeff Bilyk <jbilyk@gmail.com> pkgname=nagios-plugins pkgver=2.3.2 -pkgrel=1 +pkgrel=2 pkgdesc="Plugins for Nagios to check services on hosts" url="https://nagios-plugins.org" arch="all" @@ -29,6 +29,7 @@ pkggroups="nagios" options="suid" source="https://www.nagios-plugins.org/download/nagios-plugins-$pkgver.tar.gz fix-compilation-warnings-about-sys-poll.patch + check_mysql_query-fix-use-after-free.patch check_openrc nagios-openrc.sudoers" @@ -151,5 +152,6 @@ _all() { sha512sums="c73e13800ad408f9b345fbfc2142ae2275b77e4865ecdb9be33a86024c10be1e54e401450c3f7c848e96bd1152c723426477a1f2874e3bf5dd149f07391b1dd9 nagios-plugins-2.3.2.tar.gz 7a62e4808eb8b07ca43bc17a625f4199708da6c52b79eca7a756817cb734648fc3054cd89862638ae925022017db32479d2cfcfddeba79ab4557d7b9ec97c323 fix-compilation-warnings-about-sys-poll.patch +0daff387c80d2132ec16b3d161e5fffe9e2cae1d3e08fc1c4e65b2bfdf4685c42fb129e4df92b08a17f250018f57eac39b2c8ff299ae378d4442681a88e39f9e check_mysql_query-fix-use-after-free.patch 12d87542631494df1c961e547c19107a025829509e174e8208111736141c12e20dbf490c55d487af39d47cefca5507cd98c973b7b20ae3f961dcbfd167195d8e check_openrc 171c9ad14d1027541b78df76063e6d34483dd536219fb83e0346e191739529d59c8d6be468af7f1c4c93b20baf9a32879510f15ec3d06aa1eefaf5d785ea8546 nagios-openrc.sudoers" diff --git a/main/nagios-plugins/check_mysql_query-fix-use-after-free.patch b/main/nagios-plugins/check_mysql_query-fix-use-after-free.patch new file mode 100644 index 00000000000..0f9a2784a58 --- /dev/null +++ b/main/nagios-plugins/check_mysql_query-fix-use-after-free.patch @@ -0,0 +1,33 @@ +From: simon-alpine@fraho.eu +Subject: mysql_check_query crashes on alpine 3.13 after accessing free'd data +Upstream: reported + +see https://gitlab.alpinelinux.org/alpine/aports/-/issues/12601 +and https://github.com/nagios-plugins/nagios-plugins/issues/602 + +--- a/plugins/check_mysql_query.c ++++ b/plugins/check_mysql_query.c +@@ -143,17 +143,17 @@ + die (STATE_CRITICAL, "QUERY %s: Fetch row error - %s\n", _("CRITICAL"), error); + } + +- /* free the result */ +- mysql_free_result (res); +- +- /* close the connection */ +- mysql_close (&mysql); +- + if (! is_numeric(row[0])) { + die (STATE_CRITICAL, "QUERY %s: %s - '%s'\n", _("CRITICAL"), _("Is not a numeric"), row[0]); + } + + value = strtod(row[0], NULL); ++ ++ /* free the result */ ++ mysql_free_result (res); ++ ++ /* close the connection */ ++ mysql_close (&mysql); + + if (verbose >= 3) + printf("mysql result: %f\n", value); |