Ticket #87 (closed defect: fixed)
[patch] MRTG 2.16.4, rateup, perl 5.10.1: taint mode problems with SNMP
| Reported by: | human | Owned by: | somebody |
|---|---|---|---|
| Version: | | Keywords: | |
| Cc: | stu-mrtgtrac-201001@… | | |
Description
Perl 5.10.1 has made some changes to taint mode which have been having a bad effect on a few programs, including MRTG when it is used with the --user parameter to drop privileges and fetches results by SNMP (although fetching results from a script succeeds).
Insecure dependency in exec while running with -T switch at /usr/local/bin/mrtg line 1086.
2010-01-13 00:24:57: ERROR: Skipping webupdates because rateup did not return anything sensible
2010-01-13 00:24:57: WARNING: rateup died from Signal 0 with Exit Value 255 when doing router 'sym_1'
Signal was 0, Returncode was 255
The following diff fixes it for me, but I'm no Perl hacker and it might well be incorrect or suboptimal.
--- bin/mrtg.orig Wed Jan 13 00:17:19 2010
+++ bin/mrtg Wed Jan 13 00:17:49 2010
@@ -910,6 +910,14 @@ sub writegraphics {
# set values to -1 to tell rateup about unknown values
$inlast = -1 unless defined $inlast;
$outlast = -1 unless defined $outlast;
+
+ # untaint
+ if ($inlast =~ /^([-0-9.]+)$/) {
+ $inlast = $1;
+ }
+ if ($outlast =~ /^([-0-9.]+)$/) {
+ $outlast = $1;
+ }
if ($$rcfg{'options'}{'dorelpercent'}{$router}) {
@exec = ("${FindBin::Bin}${MRTG_lib::SL}rateup",
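Review bot: the untaint pattern `/^([-0-9.]+)$/` accepts strings that are not numbers at all (`-`, `.`, `1.2.3-4`), so a malformed SNMP result would be handed to rateup unchanged rather than rejected; a pattern that admits only an optional sign, digits and at most one fraction, e.g. `/^(-?[0-9]+(?:\.[0-9]+)?)$/`, untaints every legitimate value and nothing else. The identical block is needed for `$inlast`, `$outlast` and (per the later comment) `$time`, so a small helper sub would keep the pattern in one place. The `# untaint` comment would serve a later reader better if it said why: these values come from SNMP responses, which perl marks tainted, and exec refuses tainted arguments under -T.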
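To make the failure described in this ticket reproducible without MRTG, here is a small stand-alone Perl script, added here and not part of the ticket or of MRTG itself. It deliberately taints a few constructed sample values the way a value read from a socket would be tainted, shows that `system`/`exec` refuse them under -T, and untaints them with a stricter numeric pattern than the patch's `[-0-9.]+`, returning undef for anything that is not a plain number so the caller can fall back to -1, the "unknown" marker mrtg already passes to rateup. The names `untaint_number` and `can_exec_with` are this example's own.

```perl
#!/usr/bin/perl -T
# Added example for this ticket (not MRTG code): how perl's taint mode treats a
# value that arrived from outside, why exec refuses it, and a stricter untaint
# step than the one in the patch. Run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# An empty string that carries the taint flag from the environment. Appending
# it to a literal marks the literal tainted, which is what an SNMP reply read
# from the network looks like to perl. (If PATH is unset, nothing gets tainted.)
my $TAINT = substr($ENV{PATH} // '', 0, 0);

# exec/system under -T also insist on a clean PATH and no shell-hijack vars.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint a counter/gauge value: optional sign, digits, optional fraction.
# \A..\z (unlike ^..$) also rejects a trailing newline. Returns the clean
# number, or undef so the caller can substitute -1 ("unknown") instead of
# passing a tainted string on to rateup.
sub untaint_number {
    my ($value) = @_;
    return unless defined $value;
    return $1 if $value =~ /\A(-?[0-9]+(?:\.[0-9]+)?)\z/;   # $1 is untainted
    return;
}

# Hand a value to a child process the way mrtg hands $inlast to rateup.
# Returns 1 when perl allows the call, 0 when it dies with "Insecure dependency".
sub can_exec_with {
    my ($arg) = @_;
    my $ok = eval { system('/bin/sh', '-c', ':', 'sh', $arg); 1 };
    return $ok ? 1 : 0;
}

# Constructed sample inputs: good numbers, a value with a trailing newline,
# an SNMP error string, and junk that the patch's [-0-9.]+ pattern would accept.
my @samples = ('12345', '-1', '3.5', "123\n", 'noSuchInstance', '-.-');

for my $raw (@samples) {
    my $value = $raw . $TAINT;          # now tainted, as if read from the network
    my $clean = untaint_number($value);
    (my $shown = $raw) =~ s/\n/\\n/g;
    printf "%-16s tainted=%d exec=%-7s -> %s\n",
        $shown,
        tainted($value) ? 1 : 0,
        can_exec_with($value) ? 'allowed' : 'refused',
        defined $clean ? "untainted '$clean'" : 'rejected, use -1';
}
```

Because -T sits on the shebang line, perl must be started with `perl -T untaint_demo.pl` (or the file made executable); otherwise it stops with "Too late for -T". The first three samples are refused by `system` while tainted and pass through `untaint_number` clean; the last three are rejected by the stricter pattern, which is the point at which mrtg should substitute -1 and log the target rather than die in exec.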
Change History
comment:2 Changed 21 months ago by human
- Summary changed from MRTG 2.16.2, rateup, perl 5.10.1: taint mode problems with SNMP to [patch] MRTG 2.16.2, rateup, perl 5.10.1: taint mode problems with SNMP
comment:3 Changed 21 months ago by human
- Summary changed from [patch] MRTG 2.16.2, rateup, perl 5.10.1: taint mode problems with SNMP to [patch] MRTG 2.16.4, rateup, perl 5.10.1: taint mode problems with SNMP
Not fixed in 2.16.4; edit summary to reflect this.
Here's the diff against 2.16.4 with the similar change for getcurrent included.
$OpenBSD: patch-bin_mrtg,v 1.3 2010/05/18 08:31:43 sthen Exp $
--- bin/mrtg.orig Wed Jan 20 10:56:29 2010
+++ bin/mrtg Tue Mar 16 15:26:34 2010
@@ -615,6 +615,9 @@ sub getcurrent {
$uptime = $target->[ $u ]{ _UPTIME_ };
$name = $target->[ $u ]{ _NAME_ };
$time = $target->[ $u ]{ _TIME_ };
+ if ($time =~ /^([-0-9.]+)$/) {
+ $time = $1;
+ }
}
# Set the time to the current time if it was not set above
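Review bot: when the regex does not match, `$time` silently stays tainted and the later exec fails with the same opaque "Insecure dependency" error this ticket reports; an `else` branch that undefines `$time` would let the "Set the time to the current time if it was not set above" path handle it, ideally with a warning naming the target that returned the unexpected value. `$time` can also be undef at this point if the target carried no _TIME_, in which case the match emits a "Use of uninitialized value" warning under `use warnings`; guarding with `defined $time && $time =~ ...` avoids that.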
@@ -950,6 +953,14 @@ sub writegraphics {
# set values to -1 to tell rateup about unknown values
$inlast = -1 unless defined $inlast;
$outlast = -1 unless defined $outlast;
+
+ # untaint
+ if ($inlast =~ /^([-0-9.]+)$/) {
+ $inlast = $1;
+ }
+ if ($outlast =~ /^([-0-9.]+)$/) {
+ $outlast = $1;
+ }
if ($$rcfg{'options'}{'dorelpercent'}{$router}) {
@exec = ("${FindBin::Bin}${MRTG_lib::SL}rateup",
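Review bot: a value that fails the match leaves `$inlast` or `$outlast` tainted, so mrtg still dies in exec instead of degrading gracefully. The line above already maps an undefined value to -1, so the natural fallback is `else { $inlast = -1 }` (and the same for `$outlast`) together with a warning, which gives rateup the unknown marker it already understands. Note also that `$` matches before a trailing newline, so "123\n" untaints to `123`; that is acceptable for these values, but use `\z` instead of `$` if the intent is to reject anything but the bare number.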


A similar change is needed for $time in sub getcurrent (after 'Get the uptime, device name, and'[...]).