1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
|
commit 0468de057b390b425c5c9b6b320e22606b89647c
Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Date: Tue Jul 22 21:39:33 2014 +0200
Validate multigraph plugin name
CVE-2013-6048
diff --git a/master/lib/Munin/Master/Node.pm b/master/lib/Munin/Master/Node.pm
index 4936889..3f55b09 100644
--- a/master/lib/Munin/Master/Node.pm
+++ b/master/lib/Munin/Master/Node.pm
@@ -236,6 +236,16 @@ sub parse_service_config {
$errors++;
last;
}
+ if ($service =~ /(^\.|\.$|\.\.)/) {
+ ERROR "[ERROR] SERVICE \"$service\" contains dots in wrong places in plugin $plugin on ".$self->{host}."/".$self->{address}."/".$self->{port};
+ $errors++;
+ last;
+ }
+ if ($service !~ m/^[-\w.:.]+$/) {
+ ERROR "[ERROR] SERVICE \"$service\" contains weird characters in plugin $plugin on ".$self->{host}."/".$self->{address}."/".$self->{port};
+ $errors++;
+ last;
+ }
new_service($service);
DEBUG "[CONFIG multigraph $plugin] Service is now $service";
$correct++;
@@ -347,6 +357,16 @@ sub parse_service_data {
$nodedesignation;
last;
}
+ if ($service =~ /(^\.|\.$|\.\.)/) {
+ ERROR "[ERROR] SERVICE \"$service\" contains dots in wrong places in plugin $plugin on ".$self->{host}."/".$self->{address}."/".$self->{port};
+ $errors++;
+ last;
+ }
+ if ($service !~ m/^[-\w.:.]+$/) {
+ ERROR "[ERROR] SERVICE \"$service\" contains weird characters in plugin $plugin on ".$self->{host}."/".$self->{address}."/".$self->{port};
+ $errors++;
+ last;
+ }
$values{$service} = {};
$correct++;
}
|