aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimon Frankenberger <simon-alpine@fraho.eu>2021-04-22 07:53:45 +0200
committerRasmus Thomsen <oss@cogitri.dev>2021-04-22 08:37:39 +0000
commit553b52b33f4111f77c68ac4f2d42c6763e561527 (patch)
treedbd04b699d8982efb3782592142883a1135ad745
parent23264eee1a17fa72eab7a757c9d6aca9055f72a1 (diff)
downloadaports-553b52b33f4111f77c68ac4f2d42c6763e561527.tar.gz
aports-553b52b33f4111f77c68ac4f2d42c6763e561527.tar.bz2
aports-553b52b33f4111f77c68ac4f2d42c6763e561527.tar.xz
main/nagios-plugins: fix use-after-free in check_mysql_query
-rw-r--r--main/nagios-plugins/APKBUILD4
-rw-r--r--main/nagios-plugins/check_mysql_query-fix-use-after-free.patch33
2 files changed, 36 insertions, 1 deletions
diff --git a/main/nagios-plugins/APKBUILD b/main/nagios-plugins/APKBUILD
index 98844f262a..eccb7ef7d4 100644
--- a/main/nagios-plugins/APKBUILD
+++ b/main/nagios-plugins/APKBUILD
@@ -4,7 +4,7 @@
# Maintainer: Jeff Bilyk <jbilyk@gmail.com>
pkgname=nagios-plugins
pkgver=2.3.2
-pkgrel=1
+pkgrel=2
pkgdesc="Plugins for Nagios to check services on hosts"
url="https://nagios-plugins.org"
arch="all"
@@ -29,6 +29,7 @@ pkggroups="nagios"
options="suid"
source="https://www.nagios-plugins.org/download/nagios-plugins-$pkgver.tar.gz
fix-compilation-warnings-about-sys-poll.patch
+ check_mysql_query-fix-use-after-free.patch
check_openrc
nagios-openrc.sudoers"
@@ -151,5 +152,6 @@ _all() {
sha512sums="c73e13800ad408f9b345fbfc2142ae2275b77e4865ecdb9be33a86024c10be1e54e401450c3f7c848e96bd1152c723426477a1f2874e3bf5dd149f07391b1dd9 nagios-plugins-2.3.2.tar.gz
7a62e4808eb8b07ca43bc17a625f4199708da6c52b79eca7a756817cb734648fc3054cd89862638ae925022017db32479d2cfcfddeba79ab4557d7b9ec97c323 fix-compilation-warnings-about-sys-poll.patch
+0daff387c80d2132ec16b3d161e5fffe9e2cae1d3e08fc1c4e65b2bfdf4685c42fb129e4df92b08a17f250018f57eac39b2c8ff299ae378d4442681a88e39f9e check_mysql_query-fix-use-after-free.patch
12d87542631494df1c961e547c19107a025829509e174e8208111736141c12e20dbf490c55d487af39d47cefca5507cd98c973b7b20ae3f961dcbfd167195d8e check_openrc
171c9ad14d1027541b78df76063e6d34483dd536219fb83e0346e191739529d59c8d6be468af7f1c4c93b20baf9a32879510f15ec3d06aa1eefaf5d785ea8546 nagios-openrc.sudoers"
diff --git a/main/nagios-plugins/check_mysql_query-fix-use-after-free.patch b/main/nagios-plugins/check_mysql_query-fix-use-after-free.patch
new file mode 100644
index 0000000000..0f9a2784a5
--- /dev/null
+++ b/main/nagios-plugins/check_mysql_query-fix-use-after-free.patch
@@ -0,0 +1,33 @@
+From: simon-alpine@fraho.eu
+Subject: mysql_check_query crashes on alpine 3.13 after accessing free'd data
+Upstream: reported
+
+see https://gitlab.alpinelinux.org/alpine/aports/-/issues/12601
+and https://github.com/nagios-plugins/nagios-plugins/issues/602
+
+--- a/plugins/check_mysql_query.c
++++ b/plugins/check_mysql_query.c
+@@ -143,17 +143,17 @@
+ die (STATE_CRITICAL, "QUERY %s: Fetch row error - %s\n", _("CRITICAL"), error);
+ }
+
+- /* free the result */
+- mysql_free_result (res);
+-
+- /* close the connection */
+- mysql_close (&mysql);
+-
+ if (! is_numeric(row[0])) {
+ die (STATE_CRITICAL, "QUERY %s: %s - '%s'\n", _("CRITICAL"), _("Is not a numeric"), row[0]);
+ }
+
+ value = strtod(row[0], NULL);
++
++ /* free the result */
++ mysql_free_result (res);
++
++ /* close the connection */
++ mysql_close (&mysql);
+
+ if (verbose >= 3)
+ printf("mysql result: %f\n", value);