Patch to clean illegal characters from some macros

Stanley Hopcroft Stanley.Hopcroft at IPAustralia.Gov.AU
Fri Feb 4 13:34:39 CET 2005


Dear Folks,

I think Nagios 2.0b1 needs this patch to ensure that illegal 
characters from macros used in the notify command do not confuse the shell 
when it comes to execute the macro-substituted notify command.

For example, my employer's Nag checks CGIs that require '&' 
in the query_strings.

When such a check fails it usually outputs the failed request - 
including the '&' characters. 

If in addition, the quoting of the macros breaks down - because the 
plugin output also contains '"" characters, the notify command will 
fail.

I am not sure if this isn't better done in the get_macro_ functions, but 
this seems to work for me (in production for about 5 minutes now ...)

Yours sincerely.

-- 
Stanley Hopcroft

IP Australia
Ph: (02) 6283 3189  Fax: (02) 6281 1353
PO Box 200 Woden  ACT 2606
http://www.ipaustralia.gov.au
-------------- next part --------------
diff -r -u nagios-2.0b1-remove-perl_run-hack/base/utils.c nagios-2.0b1.dist/base/utils.c
--- nagios-2.0b1-remove-perl_run-hack/base/utils.c	Fri Feb  4 23:23:14 2005
+++ nagios-2.0b1.dist/base/utils.c	Thu Dec  9 17:48:33 2004
@@ -237,9 +237,7 @@
 	int user_index=0;
 	int address_index=0;
 	char *selected_macro=NULL;
-	char *selected_macro_name=NULL;
 	int clean_macro=FALSE;
-	char *p;
 
 #ifdef DEBUG0
 	printf("process_macros() start\n");
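Review bot: The patch appears to be generated in the reverse direction: the header names the modified tree (`nagios-2.0b1-remove-perl_run-hack`) as the old file and `nagios-2.0b1.dist` as the new one, so the added declarations here and the cleaning logic in the later hunks all carry `-`. Applied as posted, it would remove the macro cleaning the message describes instead of adding it. It should be regenerated with the pristine tree first, `diff -r -u nagios-2.0b1.dist/base/utils.c nagios-2.0b1-remove-perl_run-hack/base/utils.c`, or applied with `patch -R`. Separately, `char *p;` is not used in any visible hunk and can probably be dropped; the function body continues outside this hunk.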
@@ -290,26 +288,10 @@
 						continue;
 					if(!strcmp(temp_buffer,macro_x_names[x])){
 						selected_macro=macro_x[x];
-						selected_macro_name=macro_x_names[x];
 						break;
 						}
 				        }
 
-				/* some macros are cleaned... */
-				if (selected_macro_name!=NULL) {
-					if (strstr(selected_macro_name, "OUTPUT"))
-						clean_macro=TRUE;
-					else if (strstr(selected_macro_name, "PERFDATA"))
-						clean_macro=TRUE;
-					else if (strstr(selected_macro_name, "ACKAUTHOR"))
-						clean_macro=TRUE;
-					else if (strstr(selected_macro_name, "ACKCOMMENT"))
-						clean_macro=TRUE;
-					else
-					/* others are not cleaned */
-						clean_macro=FALSE;
-				}
-						
 				/* we already have a macro... */
 				if(selected_macro!=NULL)
 					x=0;
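Review bot: In the cleaning block (the lines marked `-`, which are the author's side of this reversed diff), `clean_macro` is recomputed only when `selected_macro_name!=NULL`, and that pointer is assigned only on a `macro_x_names` match. No visible line resets it per macro, so a macro resolved by another path may inherit the name and the cleaning decision of the previous match. Since these values end up on a shell command line, the flag should fail towards a known state: set `selected_macro_name=NULL;` before the lookup loop and add an explicit `else clean_macro=FALSE;` for the NULL case, unless a reset already exists outside this hunk. The `strstr` tests select by substring, so any macro name merely containing `OUTPUT` or `PERFDATA` is cleaned, while macros carrying other externally supplied text are not. A comment such as `/* macros whose text comes from plugins or users are cleaned before they reach the shell */` would record the intended rule. The enclosing loop starts and ends outside the hunk.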
@@ -380,6 +362,7 @@
 					if(options & URL_ENCODE_MACRO_CHARS)
 						selected_macro=get_url_encoded_string(selected_macro);
 				
+					/* some macros are cleaned... */
 					if(clean_macro==TRUE)
 						strncat(output_buffer,(selected_macro==NULL)?"":clean_macro_chars(selected_macro,options),buffer_length-strlen(output_buffer)-1);
 
@@ -3953,11 +3936,6 @@
 	if(macro==NULL)
 		return "";
 
-#ifdef DEBUG4
-	printf("\tEntering utils.c/clean_macro_chars.\n");
-	printf("\tMacro value before cleaning: \"%s\"\n", macro);
-#endif
-
 	len=(int)strlen(macro);
 
 	/* strip illegal characters out of macro */
@@ -3999,12 +3977,6 @@
 	        }
 #endif
 
-#ifdef DEBUG4
-                printf("\tLeaving utils.c/clean_macro_chars.\n");
-                printf("\tMacro value after cleaning: \"%s\"\n", macro);
-#endif
-
-
 	return macro;
         }
 