robbat2 14/04/19 17:06:23
Added: nrpe-2.15-autoconf-header.patch
nrpe-2.15-tcpd-et-al.patch
nrpe-2.15-metachar-security-fix.patch
Log:
Bump, include a fix that I wrote for security bug 508122.
(Portage version: 2.2.8-r1/cvs/Linux x86_64, unsigned Manifest commit)
Revision Changes Path
1.1 net-analyzer/nrpe/files/nrpe-2.15-autoconf-header.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/nrpe/files/nrpe-2.15-autoconf-header.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/nrpe/files/nrpe-2.15-autoconf-header.patch?rev=1.1&content-type=text/plain
Index: nrpe-2.15-autoconf-header.patch
===================================================================
diff -Nuar --exclude '*.orig' nrpe-2.15.orig/configure.in nrpe-2.15/configure.in
--- nrpe-2.15.orig/configure.in 2013-09-06 08:27:13.000000000 -0700
+++ nrpe-2.15/configure.in 2014-04-19 09:32:52.251766643 -0700
@@ -6,7 +6,8 @@
AC_INIT([nrpe],[2.15],[[email protected]],[nrpe],[http://www.nagios.org])
AC_CONFIG_SRCDIR([src/nrpe.c])
-AC_CONFIG_HEADERS([include/config.h])
+AC_CONFIG_HEADERS([include/autoconf.h])
AC_CONFIG_FILES([Makefile
+ include/config.h
subst
src/Makefile
diff -Nuar --exclude '*.orig' nrpe-2.15.orig/include/config.h.in
nrpe-2.15/include/config.h.in
--- nrpe-2.15.orig/include/config.h.in 2013-09-06 08:27:13.000000000 -0700
+++ nrpe-2.15/include/config.h.in 2014-04-19 09:33:07.620035056 -0700
@@ -26,6 +26,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include "autoconf.h"
#define DEFAULT_SERVER_PORT @nrpe_port@ /* default port to use */
1.1 net-analyzer/nrpe/files/nrpe-2.15-tcpd-et-al.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/nrpe/files/nrpe-2.15-tcpd-et-al.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/nrpe/files/nrpe-2.15-tcpd-et-al.patch?rev=1.1&content-type=text/plain
Index: nrpe-2.15-tcpd-et-al.patch
===================================================================
diff -Nuar --exclude '*.orig' nrpe-2.15.orig/configure.in nrpe-2.15/configure.in
--- nrpe-2.15.orig/configure.in 2013-09-06 08:27:13.000000000 -0700
+++ nrpe-2.15/configure.in 2014-04-19 09:20:50.406150828 -0700
@@ -45,7 +45,7 @@
AC_HEADER_STDC
AC_HEADER_TIME
AC_HEADER_SYS_WAIT
-AC_CHECK_HEADERS(ctype.h dirent.h errno.h fcntl.h getopt.h grp.h inttypes.h
netdb.h pwd.h signal.h stdint.h strings.h string.h syslog.h tcpd.h unistd.h
arpa/inet.h netinet/in.h socket.h sys/types.h sys/time.h sys/resource.h
sys/wait.h sys/socket.h sys/stat.h)
+AC_CHECK_HEADERS(ctype.h dirent.h errno.h fcntl.h getopt.h grp.h inttypes.h
netdb.h pwd.h signal.h stdint.h strings.h string.h syslog.h unistd.h
arpa/inet.h netinet/in.h socket.h sys/types.h sys/time.h sys/resource.h
sys/wait.h sys/socket.h sys/stat.h)
dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
@@ -164,11 +164,20 @@
AC_CHECK_LIB(nsl,main,SOCKETLIBS="$SOCKETLIBS -lnsl")
AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket")
AC_SUBST(SOCKETLIBS)
-AC_CHECK_LIB(wrap,main,[
- LIBWRAPLIBS="$LIBWRAPLIBS -lwrap"
+
+AC_ARG_ENABLE([tcp-wrapper],
+ AS_HELP_STRING([--disable-tcp-wrapper], [Disable building with TCP
wrappers. *** DISABLING IS A SECURITY RISK! *** Read the SECURITY file before
using this option! @<:@default=enable@:>@]))
+
+LIBWRAPLIBS=""
+AS_IF([test "x$enable_tcp_wrapper" != "xno"], [
+ AC_CHECK_LIB([wrap],[hosts_access],[
+ LIBWRAPLIBS="$LIBWRAPLIBS -lwrap"
AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library])
- ])
+ AC_DEFINE(HAVE_TCPD_H,[1],[Have the TCP wrappers library])
+ ])
+])
AC_SUBST(LIBWRAPLIBS)
+
AC_CHECK_FUNCS(strdup strstr strtoul initgroups closesocket)
dnl socklen_t check - from curl
@@ -440,8 +449,11 @@
AC_SUBST(TARGET_PLATFORM)
AC_ARG_ENABLE([command-args],
- AS_HELP_STRING([--enable-command-args],[allows clients to specify
command arguments. *** THIS IS A SECURITY RISK! *** Read the SECURITY file
before using this option!]),
- AC_DEFINE_UNQUOTED(ENABLE_COMMAND_ARGUMENTS,[1],[Enable command-line
arguments]))
+ AS_HELP_STRING([--enable-command-args],[allows clients to specify
command arguments. *** THIS IS A SECURITY RISK! *** Read the SECURITY file
before using this option!]))
+
+AS_IF([test "x$enable_command_args" = "xyes"], [
+ AC_DEFINE(ENABLE_COMMAND_ARGUMENTS,[1],[Enable command-line arguments])
+])
AC_ARG_ENABLE([bash-command-substitution],
AS_HELP_STRING([--enable-bash-command-substitution],[allows clients to
pass bash command substitutions of the form $(command). *** THIS IS A HIGH
SECURITY RISK! *** Read the SECURITY file before using this option!]),
1.1
net-analyzer/nrpe/files/nrpe-2.15-metachar-security-fix.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/nrpe/files/nrpe-2.15-metachar-security-fix.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/nrpe/files/nrpe-2.15-metachar-security-fix.patch?rev=1.1&content-type=text/plain
Index: nrpe-2.15-metachar-security-fix.patch
===================================================================
Disallow all control characters in argument handling.
This closes a security hole that allowed passing commands via the argument
handling, if a newline was used to seperate the argument from the rest of the
command.
X-URL: http://www.exploit-db.com/exploits/32925/
Signed-off-by: Robin H. Johnson <[email protected]>
--
I didn't find any patches from upstream NRPE, so I wrote this quick one.
If somebody else has a valid use for control characters in NRPE arguments, then
this could be relaxed slightly.
diff -Nuar --exclude '*.orig' nrpe-2.15.orig/src/nrpe.c nrpe-2.15/src/nrpe.c
--- nrpe-2.15.orig/src/nrpe.c 2014-04-19 09:37:16.022373910 -0700
+++ nrpe-2.15/src/nrpe.c 2014-04-19 09:46:53.237458939 -0700
@@ -53,7 +53,7 @@
#define DEFAULT_COMMAND_TIMEOUT 60 /* default
timeout for execution of plugins */
#define MAXFD 64
-#define NASTY_METACHARS "|`&><'\"\\[]{};"
+#define NASTY_METACHARS
"|`&><'\"\\[]{};\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x7f"
#define howmany(x,y) (((x)+((y)-1))/(y))
#define MAX_LISTEN_SOCKS 16
