author | alex <alex@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2006-11-01 13:28:12 +0000 |
committer | alex <alex@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2006-11-01 13:28:12 +0000 |
commit | f512ab7e499d5819b52649c21c54cbf916e6b2ae (patch) | |
tree | eb9ab3347586ecc76649db47127ed0f8c62a3140 | |
parent | 640375b6c78ff0bf074c721669c60c1e2e8ca1ac (diff) | |
- fixed possible security issues raised by debian security audit (Alexei)
git-svn-id: svn://svn.zabbix.com/trunk@3425 97f52cf1-0a1b-0410-bd0e-c28be96e8082
-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | include/common.h | 1 | ||||
-rw-r--r-- | src/libs/zbxlog/log.c | 2 | ||||
-rw-r--r-- | src/zabbix_server/expression.c | 56 | ||||
-rw-r--r-- | src/zabbix_server/zlog.c | 2 |
5 files changed, 32 insertions, 30 deletions
@@ -14,6 +14,7 @@ Changes for 1.3: Integrated from 1.1.x + - fixed possible security issues raised by debian security audit (Alexei) - changed all zabbix_log(lev, str) to zabbix_log(lev,"%s", str) (Alexei) - introduced secure strcat and strcpy: zbx_strlcat, zbx_strlcpy (Alexei) - better format for Queue report (Alexei) diff --git a/include/common.h b/include/common.h index 56412132..e2cbe131 100644 --- a/include/common.h +++ b/include/common.h @@ -28,6 +28,7 @@ #define sprintf ERROR_DO_NOT_USE_SPRINTF_FUNCTION_TRY_TO_USE_ZBX_SNPRINTF #define strncpy ERROR_DO_NOT_USE_STRNCPY_FUNCTION_TRY_TO_USE_ZBX_STRLCPY #define strncat ERROR_DO_NOT_USE_STRNCAT_FUNCTION_TRY_TO_USE_ZBX_STRLCAT +#define vsprintf ERROR_DO_NOT_USE_VSPRINTF_FUNCTION_TRY_TO_USE_VSNPRINTF #define ON 1 #define OFF 0 diff --git a/src/libs/zbxlog/log.c b/src/libs/zbxlog/log.c index c51d17b5..56c5b073 100644 --- a/src/libs/zbxlog/log.c +++ b/src/libs/zbxlog/log.c @@ -279,7 +279,7 @@ void zabbix_log(int level, const char *fmt, ...) #else /* not _WINDOWS */ - syslog(LOG_DEBUG,message); + syslog(LOG_DEBUG, "%s", message); #endif /* _WINDOWS */ } diff --git a/src/zabbix_server/expression.c b/src/zabbix_server/expression.c index b8b62fb0..c4f6018d 100644 --- a/src/zabbix_server/expression.c +++ b/src/zabbix_server/expression.c @@ -164,7 +164,7 @@ int evaluate_simple (double *result,char *exp,char *error,int maxerrlen) if( evaluate_simple(&value1,first,error,maxerrlen) == FAIL ) { zabbix_log(LOG_LEVEL_DEBUG, "%s", error); - zabbix_syslog(error); + zabbix_syslog("%s", error); return FAIL; } if( value1 == 1) @@ -175,7 +175,7 @@ int evaluate_simple (double *result,char *exp,char *error,int maxerrlen) if( evaluate_simple(&value2,second,error,maxerrlen) == FAIL ) { zabbix_log(LOG_LEVEL_DEBUG, "%s", error); - zabbix_syslog(error); + zabbix_syslog("%s", error); return FAIL; } if( value2 == 1) 
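Review bot: The new `#define vsprintf ERROR_DO_NOT_USE_VSPRINTF_FUNCTION_TRY_TO_USE_VSNPRINTF` in common.h (like the `sprintf`/`strncpy`/`strncat` lines above it) rewrites the `vsprintf` prototype in `<stdio.h>` if that header is included after common.h, and C reserves standard-library names, so defining such a macro is formally undefined behaviour; it is also silent for any translation unit that never includes common.h. On GCC, `#pragma GCC poison vsprintf` is a hard error at every use regardless of include order and leaves the prototype alone. If the macro is kept, a comment next to it, `/* must come after every system header that declares vsprintf */`, records the ordering it depends on (whether common.h already guarantees that is outside the hunk).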
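Review bot: The changed `syslog()` call in log.c is now safe against a format string in `message`, but its priority is hard-coded to `LOG_DEBUG` regardless of the `level` argument of `zabbix_log`, so a warning logged through this path reaches syslog at debug priority and is dropped by most default syslog filters. The priority would better follow `level`, e.g. `syslog(level == LOG_LEVEL_WARNING ? LOG_WARNING : LOG_DEBUG, "%s", message);` (the full LOG_LEVEL_* set is outside this hunk, so the mapping should cover whatever it defines). zabbix_log's body starts and ends outside the hunk.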
@@ -199,13 +199,13 @@ int evaluate_simple (double *result,char *exp,char *error,int maxerrlen)
 if( evaluate_simple(&value1,first,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 if( evaluate_simple(&value2,second,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 if( (value1 == 1) && (value2 == 1) )
@@ -229,13 +229,13 @@ int evaluate_simple (double *result,char *exp,char *error,int maxerrlen)
 if( evaluate_simple(&value1,first,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 if( evaluate_simple(&value2,second,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 if( value1 > value2 )
@@ -260,13 +260,13 @@ int evaluate_simple (double *result,char *exp,char *error,int maxerrlen)
 if( evaluate_simple(&value1,first,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 if( evaluate_simple(&value2,second,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 if( value1 < value2 )
@@ -291,13 +291,13 @@ int evaluate_simple (double *result,char *exp,char *error,int maxerrlen)
 if( evaluate_simple(&value1,first,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 if( evaluate_simple(&value2,second,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 *result=value1*value2;
@@ -314,20 +314,20 @@ int evaluate_simple (double *result,char *exp,char *error,int maxerrlen)
 if( evaluate_simple(&value1,first,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 if( evaluate_simple(&value2,second,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 if(cmp_double(value2,0) == 0)
 {
 zbx_snprintf(error,maxerrlen,"Division by zero. Cannot evaluate expression [%s/%s]", first,second);
 zabbix_log(LOG_LEVEL_WARNING, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 else
@@ -347,13 +347,13 @@ int evaluate_simple (double *result,char *exp,char *error,int maxerrlen)
 if( evaluate_simple(&value1,first,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 if( evaluate_simple(&value2,second,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 *result=value1+value2;
@@ -370,13 +370,13 @@ int evaluate_simple (double *result,char *exp,char *error,int maxerrlen)
 if( evaluate_simple(&value1,first,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 if( evaluate_simple(&value2,second,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 *result=value1-value2;
@@ -393,13 +393,13 @@ int evaluate_simple (double *result,char *exp,char *error,int maxerrlen)
 if( evaluate_simple(&value1,first,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 if( evaluate_simple(&value2,second,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 if( cmp_double(value1,value2) ==0 )
@@ -423,13 +423,13 @@ int evaluate_simple (double *result,char *exp,char *error,int maxerrlen)
 if( evaluate_simple(&value1,first,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 if( evaluate_simple(&value2,second,error,maxerrlen) == FAIL )
 {
 zabbix_log(LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 if( cmp_double(value1,value2) != 0 )
@@ -446,7 +446,7 @@ int evaluate_simple (double *result,char *exp,char *error,int maxerrlen)
 {
 zbx_snprintf(error,maxerrlen,"Format error or unsupported operator. Exp: [%s]", exp);
 zabbix_log(LOG_LEVEL_WARNING, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 return SUCCEED;
@@ -495,7 +495,7 @@ int evaluate(int *result,char *exp, char *error, int maxerrlen)
 {
 zbx_snprintf(error, maxerrlen, "Cannot find left bracket [(]. Expression:[%s]", exp);
 zabbix_log(LOG_LEVEL_WARNING, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 for(i=l+1;i<r;i++)
@@ -508,7 +508,7 @@ int evaluate(int *result,char *exp, char *error, int maxerrlen)
 {
 /* Changed to LOG_LEVEL_DEBUG */
 zabbix_log( LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
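Review bot: In the `@@ -446,7` hunk the `"%s"` argument stops `error` from being parsed as a format string, but `error` still carries the caller's `exp` verbatim into `zabbix_log` and `zabbix_syslog`, and the zlog.c hunk suggests the same text is then formatted into a stored item value; a trigger expression containing newlines or other control characters can therefore forge extra log records or break line-oriented log parsing. A comment on the `zbx_snprintf` line, `/* exp is user-supplied: safe as a %s argument, but it is logged unsanitised */`, makes the remaining exposure explicit, and if these strings reach shared logs a pass that replaces bytes below 0x20 before formatting would close it. The same applies to `first`/`second` and `functionid` in the other hunks of this file. evaluate_simple's body begins outside the hunk.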
@@ -531,7 +531,7 @@ int evaluate(int *result,char *exp, char *error, int maxerrlen)
 if( evaluate_simple( &value, res, error, maxerrlen ) != SUCCEED )
 {
 zabbix_log(LOG_LEVEL_WARNING, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 zabbix_log( LOG_LEVEL_DEBUG, "Evaluate end:[%lf]", value );
@@ -957,14 +957,14 @@ int substitute_functions(char *exp, char *error, int maxerrlen)
 {
 zbx_snprintf(error,maxerrlen,"Cannot find right bracket. Expression:[%s]", exp);
 zabbix_log( LOG_LEVEL_WARNING, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
 if( r < l )
 {
 zbx_snprintf(error,maxerrlen, "Right bracket is before left one. Expression:[%s]", exp);
 zabbix_log( LOG_LEVEL_WARNING, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
@@ -979,7 +979,7 @@ int substitute_functions(char *exp, char *error, int maxerrlen)
 /* It may happen because of functions.lastvalue is NULL, so this is not warning */
 zbx_snprintf(error,maxerrlen, "Unable to get value for functionid [%s]", functionid);
 zabbix_log( LOG_LEVEL_DEBUG, "%s", error);
- zabbix_syslog(error);
+ zabbix_syslog("%s", error);
 return FAIL;
 }
diff --git a/src/zabbix_server/zlog.c b/src/zabbix_server/zlog.c
index 6939ce0b..84579e8f 100644
--- a/src/zabbix_server/zlog.c
+++ b/src/zabbix_server/zlog.c
@@ -71,7 +71,7 @@ void zabbix_syslog(const char *fmt, ...)
 DBget_item_from_db(&item,row);
 va_start(ap,fmt);
- vsprintf(value_str,fmt,ap);
+ vsnprintf(value_str,sizeof(value_str),fmt,ap);
 value_str[MAX_STRING_LEN-1]=0;
 va_end(ap); |
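Review bot: `sizeof(value_str)` on the added `vsnprintf` line in zlog.c is the buffer size only if `value_str` is declared as a `char` array in this function (its declaration is outside the hunk); the `value_str[MAX_STRING_LEN-1]=0;` that follows suggests `char value_str[MAX_STRING_LEN]`, and the two lines should use the same size expression so they cannot drift apart, e.g. `vsnprintf(value_str, MAX_STRING_LEN, fmt, ap);`. The explicit terminator is still required for pre-C99 `vsnprintf` implementations and MSVC `_vsnprintf`, which may leave the buffer unterminated on truncation, so a comment `/* older vsnprintf/_vsnprintf do not terminate on truncation */` would stop it being removed as redundant. The return value is discarded, so an over-long message is silently truncated, which is acceptable for a log line but worth noting. The bug class this commit fixes would be caught at compile time by declaring `void zabbix_syslog(const char *fmt, ...) __attribute__((format(printf, 1, 2)));` (and `(printf, 2, 3)` on `zabbix_log`) where the prototypes live, so that `-Wformat -Wformat-security` flags any future `zabbix_syslog(error)` call site. The body of zabbix_syslog starts and ends outside the hunk.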