Bug#404818: Patch + CVE id

[Neil McGovern]

tags 404818 + patch
thanks

This has been assigned CVE id CVE-2006-6799, please mention this in the
changelog.

The attached pacth *should* fix the issue. I don't think it contains
regressions, but I haven't had time to test it.

When uploading, please do so with high urgency.

Many thanks,
Neil
-- 
* Tolimar votes for debconf7 to be somewhere where he speaks the
        language.
<Tolimar> That would a veto for switzerland ;)
<Ganneff> Tolimar: that also vetos germany

--- cmd.php	2007-01-09 00:01:08.539285701 +0000
+++ cmd.php	2007-01-09 00:09:07.109194451 +0000
@@ -26,7 +26,7 @@
 */
 
 /* do NOT run this script through a web browser */
-if (isset($_SERVER["argv"][0])) {
+if (isset($_SERVER["REQUEST_METHOD"])) {
 	die("<br><strong>This script is only meant to run at the command line.</strong>");
 }
 
@@ -72,23 +72,23 @@
 		if ($_SERVER["argv"][1] <= $_SERVER["argv"][2]) {
 			$hosts = db_fetch_assoc("select * from host where (disabled = '' and " .
 					"id >= " .
-					$_SERVER["argv"][1] .
+					(int)$_SERVER["argv"][1] .
 					" and id <= " .
-					$_SERVER["argv"][2] . ") ORDER by id");
+					(int)$_SERVER["argv"][2] . ") ORDER by id");
 			$hosts = array_rekey($hosts,"id",$host_struc);
 			$host_count = sizeof($hosts);
 
 			$polling_items = db_fetch_assoc("SELECT * from poller_item " .
 					"WHERE (host_id >= " .
-					$_SERVER["argv"][1] .
+					(int)$_SERVER["argv"][1] .
 					" and host_id <= " .
-					$_SERVER["argv"][2] . ") ORDER by host_id");
+					(int)$_SERVER["argv"][2] . ") ORDER by host_id");
 
 			$script_server_calls = db_fetch_cell("SELECT count(*) from poller_item " .
 					"WHERE (action=2 AND (host_id >= " .
-					$_SERVER["argv"][1] .
+					(int)$_SERVER["argv"][1] .
 					" and host_id <= " .
-					$_SERVER["argv"][2] . "))");
+					(int)$_SERVER["argv"][2] . "))");
 		}else{
 			print "ERROR: Invalid Arguments.  The first argument must be less than or equal to the first.\n";
 			print "USAGE: CMD.PHP [[first_host] [second_host]]\n";
@@ -151,7 +151,7 @@
 			$host_update_time = date("Y-m-d H:i:s"); // for poller update time
 		}
 
-		$host_id = $item["host_id"];
+		$host_id = (int)$item["host_id"];
 
 		if (($new_host) && (!empty($host_id))) {
 			$ping->host["hostname"]       = $item["hostname"];

signature.asc
Description: Digital signature