File: CVE-2013-6048.patch

package info (click to toggle)
munin 1.4.5-3%2Bdeb6u1
  • links: PTS, VCS
  • area: main
  • in suites: squeeze-lts
  • size: 4,988 kB
  • ctags: 806
  • sloc: perl: 8,936; sh: 3,105; java: 1,754; makefile: 585; python: 143
file content (46 lines) | stat: -rw-r--r-- 1,853 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
commit 0468de057b390b425c5c9b6b320e22606b89647c
Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Date:   Tue Jul 22 21:39:33 2014 +0200

    Validate multigraph plugin name
    
    CVE-2013-6048

diff --git a/master/lib/Munin/Master/Node.pm b/master/lib/Munin/Master/Node.pm
index 4936889..3f55b09 100644
--- a/master/lib/Munin/Master/Node.pm
+++ b/master/lib/Munin/Master/Node.pm
@@ -236,6 +236,16 @@ sub parse_service_config {
                 $errors++;
                 last;
 	    }
+            if ($service =~ /(^\.|\.$|\.\.)/) {
+                ERROR "[ERROR] SERVICE \"$service\" contains dots in wrong places in plugin $plugin on ".$self->{host}."/".$self->{address}."/".$self->{port};
+                $errors++;
+                last;
+            }
+            if ($service !~ m/^[-\w.:.]+$/) {
+                ERROR "[ERROR] SERVICE \"$service\" contains weird characters in plugin $plugin on ".$self->{host}."/".$self->{address}."/".$self->{port};
+                $errors++;
+                last;
+            }
 	    new_service($service);
 	    DEBUG "[CONFIG multigraph $plugin] Service is now $service";
 	    $correct++;
@@ -347,6 +357,16 @@ sub parse_service_data {
 		    $nodedesignation;
                 last;
 	    }
+            if ($service =~ /(^\.|\.$|\.\.)/) {
+                ERROR "[ERROR] SERVICE \"$service\" contains dots in wrong places in plugin $plugin on ".$self->{host}."/".$self->{address}."/".$self->{port};
+                $errors++;
+                last;
+            }
+            if ($service !~ m/^[-\w.:.]+$/) {
+                ERROR "[ERROR] SERVICE \"$service\" contains weird characters in plugin $plugin on ".$self->{host}."/".$self->{address}."/".$self->{port};
+                $errors++;
+                last;
+            }
 	    $values{$service} = {};
 	    $correct++;
 	}