aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAriadne Conill <ariadne@dereferenced.org>2021-03-12 18:03:26 -0700
committerAriadne Conill <ariadne@dereferenced.org>2021-03-12 18:04:26 -0700
commitf22889166a9e09b63fbfa1ddc34d3057813931f1 (patch)
treed7b4a826f5b426e0c2f3ee0443f841ec0d8658f8
parente6b585bcefecde9bf6e06a1aa9c7fe5c6974d1ca (diff)
downloadaports-f22889166a9e09b63fbfa1ddc34d3057813931f1.tar.gz
aports-f22889166a9e09b63fbfa1ddc34d3057813931f1.tar.bz2
aports-f22889166a9e09b63fbfa1ddc34d3057813931f1.tar.xz
main/nagios: fix truncation of pairlist in getcgivars(), closes #12516
-rw-r--r--main/nagios/APKBUILD8
-rw-r--r--main/nagios/cgi-pairlist-truncation-fix.patch14
2 files changed, 19 insertions, 3 deletions
diff --git a/main/nagios/APKBUILD b/main/nagios/APKBUILD
index 5bf96b845c..405cb30011 100644
--- a/main/nagios/APKBUILD
+++ b/main/nagios/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Carlo Landmeter <clandmeter@alpinelinux.org>
pkgname=nagios
pkgver=4.4.6
-pkgrel=1
+pkgrel=2
pkgdesc="Popular monitoring tool"
url="https://www.nagios.org/"
arch="all"
@@ -14,7 +14,8 @@ makedepends="gd-dev perl-dev libpng-dev libjpeg perl-net-snmp unzip"
source="https://downloads.sourceforge.net/nagios/nagios-$pkgver.tar.gz
nagios.confd
nagios.initd
- lighttpd-nagios.conf"
+ lighttpd-nagios.conf
+ cgi-pairlist-truncation-fix.patch"
subpackages="
$pkgname-web::noarch
$pkgname-openrc::noarch
@@ -75,4 +76,5 @@ apache() {
sha512sums="6ceb582816ec741439963bde1fe8d85fa3bc4ed3c2238fb818db0c4f4224a4333d153040c11a7f4d783e919c11f9ff45907bdc478504e4155f64a4c575f80550 nagios-4.4.6.tar.gz
8575902dcb7252f195847f9997b424c1ef9bee7dfacdd124c922fc119f583923c34847ce77c505783662d91f7290b1a85dc5e382ac50d177406bfb3876d4e40a nagios.confd
a004ed1cf8e7d9faeb849cd714095dbe5157c707618d2cce92c98c78604b896bb806b55aa69b2db8ca3e954bd629f9e3db5d2676015f87d6be5da32fa9ec5664 nagios.initd
-6f1448db1964e378dbc7460a6d321638f4d0f7a08bc078824edca12fb6653fb0200b3be365fa519e7b2ff566802701878975bb97e65d65dc54d3da34dae21588 lighttpd-nagios.conf"
+6f1448db1964e378dbc7460a6d321638f4d0f7a08bc078824edca12fb6653fb0200b3be365fa519e7b2ff566802701878975bb97e65d65dc54d3da34dae21588 lighttpd-nagios.conf
+06e4721acaa211f54a84022041b5fefbb6c31f5536bd97105946d5ea9dfc841169797940e272122f723d52fb85463c39d5ad342af5c901896278239295df3fa8 cgi-pairlist-truncation-fix.patch"
diff --git a/main/nagios/cgi-pairlist-truncation-fix.patch b/main/nagios/cgi-pairlist-truncation-fix.patch
new file mode 100644
index 0000000000..00719d2705
--- /dev/null
+++ b/main/nagios/cgi-pairlist-truncation-fix.patch
@@ -0,0 +1,14 @@
+diff -urN nagios-4.4.6.orig/cgi/getcgi.c nagios-4.4.6/cgi/getcgi.c
+--- nagios-4.4.6.orig/cgi/getcgi.c 2021-03-12 18:00:28.712911163 -0700
++++ nagios-4.4.6/cgi/getcgi.c 2021-03-12 18:02:09.746892595 -0700
+@@ -245,7 +245,9 @@
+ formid = strstr(cookies, "NagFormId=");
+ if (formid) {
+ if(!(paircount % 256)) {
+- pairlist = (char **)realloc(pairlist, (paircount + 1) * sizeof(char *));
++ /* if no query parameters were provided, paircount can begin as zero, resulting in */
++ /* truncation of the pairlist array if we do not reserve at least two elements. */
++ pairlist = (char **)realloc(pairlist, (paircount + 2) * sizeof(char *));
+ if(pairlist == NULL) {
+ printf("getcgivars(): Could not re-allocate memory for name-value pairlist.\n");
+ exit(1);