Opened 12 years ago

Closed 12 years ago

#89 closed defect (fixed)

MRTG 2.16.3 perl 5.10.1 taint mode triggered at startup if mrtg.pid exists

Reported by: human Owned by: somebody
Version: Keywords:
Cc:

Description

This untaints the pid read from the file.

--- lib/mrtg2/MRTG_lib.pm.orig Wed Jan 20 10:56:30 2010 +++ lib/mrtg2/MRTG_lib.pm Fri Jan 29 10:20:22 2010 @@ -1186,8 +1186,10 @@ sub demonize_me ($) {

if (defined $pidfile && open(READPID, "<$pidfile")){

if (not eof READPID) {

chomp(my $input = <READPID>); # read process id in pidfile

  • if ($input && kill 0 => $input) {# oops - the pid actually exists
  • die "ERROR: I Quit! Another copy of mrtg seems to be running. Check $pidfile\n";

+ if ($input && $input =~ /([0-9]+)$/) { + if (kill 0 => $1) {# oops - the pid actually exists + die "ERROR: I Quit! Another copy of mrtg seems to be running. Check $pidfile\n"; + }

}

} close READPID;

Change History (2)

comment:1 Changed 12 years ago by human

wiki formatting...

$OpenBSD$
--- lib/mrtg2/MRTG_lib.pm.orig	Wed Jan 20 10:56:30 2010
+++ lib/mrtg2/MRTG_lib.pm	Fri Jan 29 10:20:22 2010
@@ -1186,8 +1186,10 @@ sub demonize_me ($) {
            if (defined $pidfile && open(READPID, "<$pidfile")){
                if (not eof READPID) {
                    chomp(my $input = <READPID>);    # read process id in pidfile
-                   if ($input && kill 0 => $input) {# oops - the pid actually exists
-                        die "ERROR: I Quit! Another copy of mrtg seems to be running. Check $pidfile\n";
+                   if ($input && $input =~ /^([0-9]+)$/) {
+                       if (kill 0 => $1) {# oops - the pid actually exists
+                           die "ERROR: I Quit! Another copy of mrtg seems to be running. Check $pidfile\n";
+                       }
                    }
                }
                close READPID;

comment:2 Changed 12 years ago by human

  • Resolution set to fixed
  • Status changed from new to closed

similar fix committed in r283

Note: See TracTickets for help on using tickets.
 

NOTE: The content of this website is accessible with any browser. The graphical design though relies completely on CSS2 styles. If you see this text, this means that your browser does not support CSS2. Consider upgrading to a standard conformant browser like Mozilla Firefox or Opera but also Apple's Safari or KDE's Konqueror for example.