84 lines
2.2 KiB
Diff
84 lines
2.2 KiB
Diff
Index: src/libs/zbxsysinfo/sysinfo.c
|
|
===================================================================
|
|
--- src/libs/zbxsysinfo/sysinfo.c (revision 40346)
|
|
+++ src/libs/zbxsysinfo/sysinfo.c (working copy)
|
|
@@ -267,13 +267,49 @@
|
|
test_parameter(commands[i].key, PROCESS_TEST | PROCESS_USE_TEST_PARAM);
|
|
}
|
|
|
|
+static int zbx_check_user_parameter(const char *param, char *error, int max_error_len)
|
|
+{
|
|
+ const char suppressed_chars[] = "\\'\"`*?[]{}~$!&;()<>|#@\n", *c;
|
|
+ char *buf = NULL;
|
|
+ size_t buf_alloc = 128, buf_offset = 0;
|
|
+
|
|
+ if (0 != CONFIG_UNSAFE_USER_PARAMETERS)
|
|
+ return SUCCEED;
|
|
+
|
|
+ for (c = suppressed_chars; '\0' != *c; c++)
|
|
+ {
|
|
+ if (NULL == strchr(param, *c))
|
|
+ continue;
|
|
+
|
|
+ buf = zbx_malloc(buf, buf_alloc);
|
|
+
|
|
+ for (c = suppressed_chars; '\0' != *c; c++)
|
|
+ {
|
|
+ if (c != suppressed_chars)
|
|
+ zbx_strcpy_alloc(&buf, &buf_alloc, &buf_offset, ", ");
|
|
+
|
|
+ if (0 != isprint(*c))
|
|
+ zbx_chrcpy_alloc(&buf, &buf_alloc, &buf_offset, *c);
|
|
+ else
|
|
+ zbx_snprintf_alloc(&buf, &buf_alloc, &buf_offset, "0x%02x", *c);
|
|
+ }
|
|
+
|
|
+ zbx_snprintf(error, max_error_len, "special characters \"%s\" are not allowed in the parameters", buf);
|
|
+
|
|
+ zbx_free(buf);
|
|
+
|
|
+ return FAIL;
|
|
+ }
|
|
+
|
|
+ return SUCCEED;
|
|
+}
|
|
+
|
|
static int replace_param(const char *cmd, const char *param, char *out, int outlen, char *error, int max_error_len)
|
|
{
|
|
int ret = SUCCEED;
|
|
char buf[MAX_STRING_LEN];
|
|
char command[MAX_STRING_LEN];
|
|
char *pl, *pr;
|
|
- const char suppressed_chars[] = "\\'\"`*?[]{}~$!&;()<>|#@", *c;
|
|
|
|
assert(out);
|
|
|
|
@@ -305,25 +341,10 @@
|
|
{
|
|
get_param(param, (int)(pr[1] - '0'), buf, sizeof(buf));
|
|
|
|
- if (0 == CONFIG_UNSAFE_USER_PARAMETERS)
|
|
- {
|
|
- for (c = suppressed_chars; '\0' != *c; c++)
|
|
- {
|
|
- if (NULL != strchr(buf, *c))
|
|
- {
|
|
- zbx_snprintf(error, max_error_len, "Special characters '%s'"
|
|
- " are not allowed in the parameters",
|
|
- suppressed_chars);
|
|
- ret = FAIL;
|
|
- break;
|
|
- }
|
|
- }
|
|
- }
|
|
+ if (SUCCEED != (ret = zbx_check_user_parameter(buf, error, max_error_len)))
|
|
+ break;
|
|
}
|
|
|
|
- if (FAIL == ret)
|
|
- break;
|
|
-
|
|
zbx_strlcat(out, buf, outlen);
|
|
outlen -= MIN((int)strlen(buf), (int)outlen);
|
|
|