Patch to clean illegal characters from some macros
Stanley Hopcroft
Stanley.Hopcroft at IPAustralia.Gov.AU
Fri Feb 4 13:34:39 CET 2005
Dear Folks,
I think Nagios 2.0b1 needs this patch is needed to ensure that illegal
characters from macros used in notify command do not confuse the shell
when it comes to execute the macro substitued notify command.
For example, my employer's Nag checks CGIs that require '&'
in the query_strings.
When such a check fails it usually outputs the failed request -
including the '&' characters.
If in addition, the quoting of the macros breaks down - because the
plugin output also contains '"" characters, the notify command will
fail.
I am not sure if this isn't better done in the get_macro_ functions, but
this seems to work for me (in production for about 5 minutes now ...)
Yours sincerely.
--
Stanley Hopcroft
IP Australia
Ph: (02) 6283 3189 Fax: (02) 6281 1353
PO Box 200 Woden ACT 2606
http://www.ipaustralia.gov.au
-------------- next part --------------
diff -r -u nagios-2.0b1-remove-perl_run-hack/base/utils.c nagios-2.0b1.dist/base/utils.c
--- nagios-2.0b1-remove-perl_run-hack/base/utils.c Fri Feb 4 23:23:14 2005
+++ nagios-2.0b1.dist/base/utils.c Thu Dec 9 17:48:33 2004
@@ -237,9 +237,7 @@
int user_index=0;
int address_index=0;
char *selected_macro=NULL;
- char *selected_macro_name=NULL;
int clean_macro=FALSE;
- char *p;
#ifdef DEBUG0
printf("process_macros() start\n");
@@ -290,26 +288,10 @@
continue;
if(!strcmp(temp_buffer,macro_x_names[x])){
selected_macro=macro_x[x];
- selected_macro_name=macro_x_names[x];
break;
}
}
- /* some macros are cleaned... */
- if (selected_macro_name!=NULL) {
- if (strstr(selected_macro_name, "OUTPUT"))
- clean_macro=TRUE;
- else if (strstr(selected_macro_name, "PERFDATA"))
- clean_macro=TRUE;
- else if (strstr(selected_macro_name, "ACKAUTHOR"))
- clean_macro=TRUE;
- else if (strstr(selected_macro_name, "ACKCOMMENT"))
- clean_macro=TRUE;
- else
- /* others are not cleaned */
- clean_macro=FALSE;
- }
-
/* we already have a macro... */
if(selected_macro!=NULL)
x=0;
@@ -380,6 +362,7 @@
if(options & URL_ENCODE_MACRO_CHARS)
selected_macro=get_url_encoded_string(selected_macro);
+ /* some macros are cleaned... */
if(clean_macro==TRUE)
strncat(output_buffer,(selected_macro==NULL)?"":clean_macro_chars(selected_macro,options),buffer_length-strlen(output_buffer)-1);
@@ -3953,11 +3936,6 @@
if(macro==NULL)
return "";
-#ifdef DEBUG4
- printf("\tEntering utils.c/clean_macro_chars.\n");
- printf("\tMacro value before cleaning: \"%s\"\n", macro);
-#endif
-
len=(int)strlen(macro);
/* strip illegal characters out of macro */
@@ -3999,12 +3977,6 @@
}
#endif
-#ifdef DEBUG4
- printf("\tLeaving utils.c/clean_macro_chars.\n");
- printf("\tMacro value after cleaning: \"%s\"\n", macro);
-#endif
-
-
return macro;
}
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: disclaimer.txt
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20050204/f2fbfe48/attachment.txt>
More information about the Developers
mailing list