Репозитории ALT
| S: | 3.0.6-alt16 |
| 5.1: | 3.0.6-alt1 |
| 4.1: | 3.0.3-alt1.M41.1 |
| 4.0: | 2.7-alt1 |
| 3.0: | 2.0-alt0.b3.1 |
Группа :: Мониторинг
Пакет: nagios
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: nagios-3.0.6-CVE-2016-9566.patch
Скачать
Скачать
diff --git a/nagios/base/logging.c b/nagios/base/logging.c
index aa875e9..86f2019 100644
--- a/nagios/base/logging.c
+++ b/nagios/base/logging.c
@@ -160,6 +160,8 @@ int write_to_all_logs_with_timestamp(char *buffer, unsigned long data_type, time
int write_to_log(char *buffer, unsigned long data_type, time_t *timestamp){FILE *fp=NULL;
time_t log_time=0L;
+ int fh;
+ struct stat st;
if(buffer==NULL)
return ERROR;
@@ -172,7 +174,26 @@ int write_to_log(char *buffer, unsigned long data_type, time_t *timestamp){if(!(data_type & logging_options))
return OK;
- fp=fopen(log_file,"a+");
+ fh = open(log_file, O_RDWR|O_APPEND|O_CREAT|O_NOFOLLOW, S_IRUSR|S_IWUSR);
+
+ if (fh != -1) {+ if ((fstat(fh, &st)) == -1) {+ close(fh);
+ if (daemon_mode == FALSE)
+ printf("Warning: Cannot fstat log file '%s'\n", log_file);+ return NULL;
+ }
+ if (st.st_nlink != 1 || (st.st_mode & S_IFMT) != S_IFREG) {+ close(fh);
+ if (daemon_mode == FALSE)
+ printf("Warning: log file '%s' has an invalid mode\n", log_file);+ return NULL;
+ }
+ }
+
+ if (fh != -1)
+ fp=fdopen(fh,"a+");
+
if(fp==NULL){if(daemon_mode==FALSE)
printf("Warning: Cannot open log file '%s' for writing\n",log_file);@@ -445,6 +466,8 @@ int write_log_file_info(time_t *timestamp){/* opens the debug log for writing */
int open_debug_log(void){+ int fh;
+ struct stat st;
/* don't do anything if we're not actually running... */
if(verify_config==TRUE || test_scheduling==TRUE)
@@ -454,7 +477,19 @@ int open_debug_log(void){if(debug_level==DEBUGL_NONE)
return OK;
- if((debug_file_fp=fopen(debug_file,"a+"))==NULL)
+ if ((fh = open(debug_file, O_RDWR|O_APPEND|O_CREAT|O_NOFOLLOW, S_IRUSR|S_IWUSR)) == -1)
+ return ERROR;
+
+ if ((fstat(fh, &st)) == -1) {+ close(fh);
+ return ERROR;
+ }
+ if (st.st_nlink != 1 || (st.st_mode & S_IFMT) != S_IFREG) {+ close(fh);
+ return ERROR;
+ }
+
+ if((debug_file_fp=fdopen(fh,"a+"))==NULL)
return ERROR;
return OK;