]> git.pld-linux.org Git - packages/nagios-nrpe.git/blobdiff - CVE-2014-2913-nasty-metacharacters.patch
projects / packages / nagios-nrpe.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
add CVE-2014-2913 fix from fedora
[packages/nagios-nrpe.git] / CVE-2014-2913-nasty-metacharacters.patch
diff --git a/CVE-2014-2913-nasty-metacharacters.patch b/CVE-2014-2913-nasty-metacharacters.patch
new file mode 100644 (file)
index 0000000..bca3930
--- /dev/null
+++ b/CVE-2014-2913-nasty-metacharacters.patch
@@ -0,0 +1,18 @@
+# This should get removed whenever 2.16 is released, assuming it has the fix
+# included. http://seclists.org/oss-sec/2014/q2/129. There's not upstream
+# concensus that quoting arguments in a mode which is widely agreed upon to be
+# risky so track upstream discussions here, too.
+
+diff --git b/src/nrpe.c a/src/nrpe.c
+index 381f0ac..ad1e05d 100644
+--- b/src/nrpe.c
++++ a/src/nrpe.c
+@@ -53,7 +53,7 @@ int use_ssl=FALSE;
+ #define DEFAULT_COMMAND_TIMEOUT       60                      /* default timeout for execution of plugins */
+ #define MAXFD                   64
+-#define NASTY_METACHARS         "|`&><'\"\\[]{};"
++#define NASTY_METACHARS         "|`&><'\"\\[]{};\n"
+ #define howmany(x,y)  (((x)+((y)-1))/(y))
+ #define MAX_LISTEN_SOCKS        16
Nagios remote plugin execution service/plugin
This page took 0.113917 seconds and 4 git commands to generate.