Fix for BZ 222410

This commit is contained in:
Mike McGrath 2007-01-12 15:52:07 +00:00
parent 5bec4dfbd6
commit b958e124d3
5 changed files with 316 additions and 1 deletions

View File

@ -1,6 +1,6 @@
Name: cacti
Version: 0.8.6i
Release: 4%{?dist}
Release: 5%{?dist}
Summary: An rrd based graphing tool
Group: Applications/System
@ -12,6 +12,10 @@ Source2: cacti.logrotate
Source3: cacti.README.Fedora
Patch1: cacti-0.8.6h-dbcfg.patch
Patch2: http://www.cacti.net/downloads/patches/0.8.6i/import_template_argument_space_removal.patch
Patch3: http://www.cacti.net/downloads/patches/0.8.6i/dec06-vulnerability-scripts-0.8.6i.patch
Patch4: http://www.cacti.net/downloads/patches/0.8.6i/dec06-vulnerability-poller-0.8.6i.patch
Patch5: http://www.cacti.net/downloads/patches/0.8.6i/poller_output_remainder.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -32,6 +36,10 @@ used to creating traffic graphs with MRTG.
%prep
%setup -q
%patch1 -p0
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
echo "#*/5 * * * * cacti %{_bindir}/php %{_datadir}/%{name}/poller.php > /dev/null 2>&1" >cacti.cron
@ -103,6 +111,10 @@ fi
%attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib
%changelog
* Fri Jan 12 2007 Mike McGrath <imlinux@gmail.com> - 0.8.6i-5
- Added 4 upstream patches
- Fix for BZ 222410
* Thu Nov 09 2006 Mike McGrath <imlinux@gmail.com> - 0.8.6i-4
- Patch now includes <?php BG# 214914

View File

@ -0,0 +1,137 @@
diff -ruBbd cacti-0.8.6i/cmd.php cacti-0.8.6i-patch/cmd.php
--- cacti-0.8.6i/cmd.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/cmd.php 2007-01-01 12:27:15.328125000 -0500
@@ -26,7 +26,7 @@
*/
/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
die("<br><strong>This script is only meant to run at the command line.</strong>");
}
@@ -70,6 +71,10 @@
$print_data_to_stdout = false;
if ($_SERVER["argc"] == "3") {
if ($_SERVER["argv"][1] <= $_SERVER["argv"][2]) {
+ /* address potential exploits */
+ input_validate_input_number($_SERVER["argv"][1]);
+ input_validate_input_number($_SERVER["argv"][2]);
+
$hosts = db_fetch_assoc("select * from host where (disabled = '' and " .
"id >= " .
$_SERVER["argv"][1] .
diff -ruBbd cacti-0.8.6i/copy_cacti_user.php cacti-0.8.6i-patch/copy_cacti_user.php
--- cacti-0.8.6i/copy_cacti_user.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/copy_cacti_user.php 2007-01-01 12:27:15.312500000 -0500
@@ -25,9 +25,10 @@
*/
/* do NOT run this script through a web browser */
-if (! isset($_SERVER["argv"][0])) {
- die("This script is only meant to run at the command line.\n");
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
}
+
if (empty($_SERVER["argv"][2])) {
die("\nSyntax:\n php copy_cacti_user.php <template user> <new user>\n\n");
}
diff -ruBbd cacti-0.8.6i/include/html/inc_timespan_settings.php cacti-0.8.6i-patch/include/html/inc_timespan_settings.php
--- cacti-0.8.6i/include/html/inc_timespan_settings.php 2006-10-09 00:05:58.000000000 -0400
+++ cacti-0.8.6i-patch/include/html/inc_timespan_settings.php 2007-01-02 11:55:45.953125000 -0500
@@ -24,6 +24,20 @@
+-------------------------------------------------------------------------+
*/
+/* ================= input validation ================= */
+input_validate_input_number(get_request_var_request("predefined_timespan"));
+/* ==================================================== */
+
+/* clean up date1 string */
+if (isset($_REQUEST["date1"])) {
+ $_REQUEST["date1"] = sanitize_search_string(get_request_var("date1"));
+}
+
+/* clean up date2 string */
+if (isset($_REQUEST["date2"])) {
+ $_REQUEST["date2"] = sanitize_search_string(get_request_var("date2"));
+}
+
/* initialize the timespan array */
$timespan = array();
diff -ruBbd cacti-0.8.6i/poller.php cacti-0.8.6i-patch/poller.php
--- cacti-0.8.6i/poller.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/poller.php 2007-01-01 12:27:15.328125000 -0500
@@ -26,7 +26,7 @@
*/
/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
die("<br><strong>This script is only meant to run at the command line.</strong>");
}
diff -ruBbd cacti-0.8.6i/poller_commands.php cacti-0.8.6i-patch/poller_commands.php
--- cacti-0.8.6i/poller_commands.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/poller_commands.php 2007-01-01 12:27:15.328125000 -0500
@@ -27,7 +27,7 @@
define("MAX_RECACHE_RUNTIME", 296);
/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
die("<br><strong>This script is only meant to run at the command line.</strong>");
}
diff -ruBbd cacti-0.8.6i/poller_export.php cacti-0.8.6i-patch/poller_export.php
--- cacti-0.8.6i/poller_export.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/poller_export.php 2007-01-01 12:27:15.328125000 -0500
@@ -25,7 +25,7 @@
*/
/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
die("<br><strong>This script is only meant to run at the command line.</strong>");
}
diff -ruBbd cacti-0.8.6i/poller_reindex_hosts.php cacti-0.8.6i-patch/poller_reindex_hosts.php
--- cacti-0.8.6i/poller_reindex_hosts.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/poller_reindex_hosts.php 2007-01-01 12:27:15.328125000 -0500
@@ -25,7 +25,7 @@
*/
/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
die("<br><strong>This script is only meant to run at the command line.</strong>");
}
diff -ruBbd cacti-0.8.6i/rebuild_poller_cache.php cacti-0.8.6i-patch/rebuild_poller_cache.php
--- cacti-0.8.6i/rebuild_poller_cache.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/rebuild_poller_cache.php 2007-01-01 12:27:15.312500000 -0500
@@ -25,7 +25,7 @@
*/
/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
die("<br><strong>This script is only meant to run at the command line.</strong>");
}
diff -ruBbd cacti-0.8.6i/script_server.php cacti-0.8.6i-patch/script_server.php
--- cacti-0.8.6i/script_server.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/script_server.php 2007-01-01 12:27:15.312500000 -0500
@@ -26,9 +26,8 @@
$no_http_headers = true;
/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
die("<br><strong>This script is only meant to run at the command line.</strong>");
- exit(-1);
}
/* define STDOUT/STDIN file descriptors if not running under CLI */

View File

@ -0,0 +1,106 @@
diff -ruBbd cacti-0.8.6i/scripts/query_host_cpu.php cacti-0.8.6i-patch/scripts/query_host_cpu.php
--- cacti-0.8.6i/scripts/query_host_cpu.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/scripts/query_host_cpu.php 2007-01-01 12:50:55.781250000 -0500
@@ -1,6 +1,12 @@
<?php
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
$no_http_headers = true;
+
include(dirname(__FILE__) . "/../include/config.php");
include(dirname(__FILE__) . "/../lib/snmp.php");
diff -ruBbd cacti-0.8.6i/scripts/query_host_partitions.php cacti-0.8.6i-patch/scripts/query_host_partitions.php
--- cacti-0.8.6i/scripts/query_host_partitions.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/scripts/query_host_partitions.php 2007-01-01 12:50:55.781250000 -0500
@@ -1,6 +1,12 @@
<?php
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
$no_http_headers = true;
+
include(dirname(__FILE__) . "/../include/config.php");
include(dirname(__FILE__) . "/../lib/snmp.php");
diff -ruBbd cacti-0.8.6i/scripts/sql.php cacti-0.8.6i-patch/scripts/sql.php
--- cacti-0.8.6i/scripts/sql.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/scripts/sql.php 2007-01-01 12:50:55.781250000 -0500
@@ -1,6 +1,12 @@
<?
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
$no_http_headers = true;
+
include(dirname(__FILE__) . "/../include/config.php");
if ($database_password == "") {
diff -ruBbd cacti-0.8.6i/scripts/ss_fping.php cacti-0.8.6i-patch/scripts/ss_fping.php
--- cacti-0.8.6i/scripts/ss_fping.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/scripts/ss_fping.php 2007-01-01 12:50:55.796875000 -0500
@@ -1,7 +1,11 @@
<?php
#!/usr/bin/php -q
-//STANDARD SCRIPT SERVER HEADER!!!
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
$no_http_headers = true;
/* display No errors */
diff -ruBbd cacti-0.8.6i/scripts/ss_host_cpu.php cacti-0.8.6i-patch/scripts/ss_host_cpu.php
--- cacti-0.8.6i/scripts/ss_host_cpu.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/scripts/ss_host_cpu.php 2007-01-01 12:50:55.796875000 -0500
@@ -1,4 +1,10 @@
<?php
+
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
$no_http_headers = true;
/* display No errors */
diff -ruBbd cacti-0.8.6i/scripts/ss_host_disk.php cacti-0.8.6i-patch/scripts/ss_host_disk.php
--- cacti-0.8.6i/scripts/ss_host_disk.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/scripts/ss_host_disk.php 2007-01-01 12:50:55.796875000 -0500
@@ -1,4 +1,10 @@
<?php
+
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
$no_http_headers = true;
/* display No errors */
diff -ruBbd cacti-0.8.6i/scripts/ss_sql.php cacti-0.8.6i-patch/scripts/ss_sql.php
--- cacti-0.8.6i/scripts/ss_sql.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/scripts/ss_sql.php 2007-01-01 12:50:55.781250000 -0500
@@ -1,5 +1,10 @@
<?php
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
$no_http_headers = true;
/* display ALL errors */

View File

@ -0,0 +1,14 @@
--- cacti-0.8.6i/lib/import.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/lib/import.php 2007-01-02 08:17:09.593750000 -0500
@@ -687,6 +687,11 @@
while (list($field_name, $field_array) = each($fields_data_input_edit)) {
/* make sure this field exists in the xml array first */
if (isset($xml_array[$field_name])) {
+ /* fix issue with data input method importing and white spaces */
+ if ($field_name == "input_string") {
+ $xml_array[$field_name] = str_replace("><", "> <", $xml_array[$field_name]);
+ }
+
$save[$field_name] = addslashes(xml_character_decode($xml_array[$field_name]));
}
}

View File

@ -0,0 +1,46 @@
diff -ruBbd cacti-0.8.6i/lib/poller.php cacti-0.8.6i-patched/lib/poller.php
--- cacti-0.8.6i/lib/poller.php 2006-10-08 23:06:01.000000000 -0400
+++ cacti-0.8.6i-patched/lib/poller.php 2006-11-21 23:41:02.000000000 -0500
@@ -213,7 +213,7 @@
/* process_poller_output - grabs data from the 'poller_output' table and feeds the *completed*
results to RRDTool for processing
@arg $rrdtool_pipe - the array of pipes containing the file descriptor for rrdtool */
-function process_poller_output($rrdtool_pipe) {
+function process_poller_output($rrdtool_pipe, $remainder = FALSE) {
global $config;
include_once($config["library_path"] . "/rrd.php");
@@ -221,6 +221,12 @@
/* let's count the number of rrd files we processed */
$rrds_processed = 0;
+ if ($remainder) {
+ $limit = "";
+ }else{
+ $limit = "LIMIT 10000";
+ }
+
/* create/update the rrd files */
$results = db_fetch_assoc("select
poller_output.output,
@@ -231,7 +237,7 @@
poller_item.rrd_num
from (poller_output,poller_item)
where (poller_output.local_data_id=poller_item.local_data_id and poller_output.rrd_name=poller_item.rrd_name)
- limit 10000");
+ $limit");
if (sizeof($results) > 0) {
/* create an array keyed off of each .rrd file */
diff -ruBbd cacti-0.8.6i/poller.php cacti-0.8.6i-patched/poller.php
--- cacti-0.8.6i/poller.php 2006-10-08 23:06:01.000000000 -0400
+++ cacti-0.8.6i-patched/poller.php 2006-11-12 11:49:05.000000000 -0500
@@ -166,7 +166,7 @@
$polling_items = db_fetch_assoc("select poller_id,end_time from poller_time where poller_id = 0");
if (sizeof($polling_items) == $process_file_number) {
- $rrds_processed = $rrds_processed + process_poller_output($rrdtool_pipe);
+ $rrds_processed = $rrds_processed + process_poller_output($rrdtool_pipe, TRUE);
/* take time and log performance data */
list($micro,$seconds) = split(" ", microtime());