Dave,
the CVS contain the patch.
Andrea
Dave Stern wrote:
I've downloaded nagios 2-3.1 for a number of architectures after the
cgi buffer overflow exploit described in
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2162
The compile for our server (Rhel3) went fine. But To keep things clean,
I want to replace the structure on other OS's including Solaris8. Here's
what I'm getting. The line indicated appears to be new code to check for
the buffer overflow. Has anyone had any probs building this on solaris?
....
gcc -g -O2 -DHAVE_CONFIG_H -DNSCORE -c -o perfdata-base.o perfdata.c
gcc -g -O2 -DHAVE_CONFIG_H -DNSCORE -c -o xperfdata-base.o
../xdata/xpddefault.c
gcc -g -O2 -DHAVE_CONFIG_H -DNSCORE -c -o downtime-base.o
../common/downtime.c
gcc -g -O2 -DHAVE_CONFIG_H -DNSCORE -c -o xdowntime-base.o
../xdata/xdddefault.c
gcc -g -O2 -DHAVE_CONFIG_H -DNSCORE -o nagios nagios.c broker.o
nebmods.o checks.o config.o commands.o events.o flapping.o logging.o
notifications.o sehandlers.o utils.o retention-base.o xretention-base.o
comments-base.o xcomments-base.o objects-base.o xobjects-base.o
statusdata-base.o xstatusdata-base.o perfdata-base.o xperfdata-base.o
downtime-base.o xdowntime-base.o -Wl,-export-dynamic -lm
-lpthread -lltdl -lrt gcc -g -O2 -DHAVE_CONFIG_H -DNSCORE -o nagiostats
nagiostats.c -lm -lrt make[1]: Leaving directory `/tmp/nagios-2.3.1/base'
cd ./cgi && make
make[1]: Entering directory `/tmp/nagios-2.3.1/cgi'
gcc -g -O2 -DHAVE_CONFIG_H -DNSCGI -c -o getcgi.o getcgi.c
getcgi.c: In function `getcgivars':
getcgi.c:174: `INT_MAX' undeclared (first use in this function)
getcgi.c:174: (Each undeclared identifier is reported only once
getcgi.c:174: for each function it appears in.)
make[1]: *** [getcgi.o] Error 1
make[1]: Leaving directory `/tmp/nagios-2.3.1/cgi'
make: *** [all] Error 2
Here's the line numbers for getcgi.c
173 /* suspicious content length */
174 if((content_length<0) || (content_length>=INT_MAX-1)){
175 printf("getcgivars(): Suspicious
Content-Length was sent with the POST request.\n");
176 exit(1);
177 }
Fortunately, we only use the plugins on Solaris but I'd like to get the
whole structure built anyhow.
TIA
=-=-=-=-=-=-=-=-=-=- generated by /dev/dave -=-=-=-=-=-=-=-=-=-=-=-=
David Stern University of Maryland
Institute for Advanced Computer Studies
-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Nagios-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when
reporting any issue. ::: Messages without supporting info will risk
being sent to /dev/null
--
---------------------------------------
The truth is out there? Anyone knows the URL?
---------------------------------------
Ing. Andrea Gabellini
Email: [EMAIL PROTECTED]
Tel: 0549 886111 (Italy)
Tel. +378 0549 886111 (International)
Telecom Italia San Marino S.p.A.
Strada degli Angariari, 3
47891 Rovereta
Repubblic of San Marino
http://www.omniway.sm http://www.telecomitalia.sm
-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Nagios-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
