[icinga-checkins] icinga.org: icinga-core/rbartels/cgi-current: classic ui: fix segfaults if no default_user_name= given in cgi.cfg #1289

git at icinga.org git at icinga.org
Thu Mar 17 10:56:03 CET 2011


Module: icinga-core
Branch: rbartels/cgi-current
Commit: 5afdc144a77f42685a178afb1c04807d0c75b6ae
URL:    https://git.icinga.org/?p=icinga-core.git;a=commit;h=5afdc144a77f42685a178afb1c04807d0c75b6ae

Author: Michael Friedrich <michael.friedrich at univie.ac.at>
Date:   Wed Mar 16 17:44:14 2011 +0100

classic ui: fix segfaults if no default_user_name= given in cgi.cfg #1289

fixes #1289

---

 Changelog     |    1 +
 cgi/cgiauth.c |   57 ++++++++++++++++++++++++++++++++-------------------------
 2 files changed, 33 insertions(+), 25 deletions(-)

diff --git a/Changelog b/Changelog
index a1f62b9..c828591 100644
--- a/Changelog
+++ b/Changelog
@@ -25,6 +25,7 @@ FIXES
 * classic ui: statusmap.cgi: fixed XSS vulnerability #1281
 * classic ui: fix display_name survive reconfiguration and is use instead of host_name in classic ui #1282
 * classic ui: don't show pause/continue urls on non-refreshable pages
+* classic ui: fix segfaults if no default_user_name= given in cgi.cfg #1289
 
 * install: replace configure option --with-checkresults-dir by --with-spool-dir #1224
 * install: use *.so instead of *.o for solaris, patch in contrib/solaris/ #524
diff --git a/cgi/cgiauth.c b/cgi/cgiauth.c
index 4884d38..8c25895 100644
--- a/cgi/cgiauth.c
+++ b/cgi/cgiauth.c
@@ -64,14 +64,14 @@ int get_authentication_information(authdata *authinfo){
 	if(use_ssl_authentication) {
 		/* patch by Pawl Zuzelski - 7/22/08 */
 		temp_ptr=getenv("SSL_CLIENT_S_DN_CN");
-		}
+	}
 	else{
 		temp_ptr=getenv("REMOTE_USER");
-		}
+	}
 	if(temp_ptr==NULL){
 		authinfo->username="";
 		authinfo->authenticated=FALSE;
-	        }
+	}
 	else{
 		authinfo->username=(char *)malloc(strlen(temp_ptr)+1);
 		if(authinfo->username==NULL)
@@ -82,7 +82,7 @@ int get_authentication_information(authdata *authinfo){
 			authinfo->authenticated=FALSE;
 		else
 			authinfo->authenticated=TRUE;
-	        }
+	}
 
 	/* read in authorization override vars from config file... */
 	if((thefile=mmap_fopen(get_cgi_config_location()))!=NULL){
@@ -102,91 +102,98 @@ int get_authentication_information(authdata *authinfo){
 			if(!strcmp(authinfo->username,"") && strstr(input,"default_user_name=")==input){
 				temp_ptr=strtok(input,"=");
 				temp_ptr=strtok(NULL,",");
-				authinfo->username=(char *)malloc(strlen(temp_ptr)+1);
-				if(authinfo->username==NULL)
+
+				if(temp_ptr==NULL){
 					authinfo->username="";
-				else
-					strcpy(authinfo->username,temp_ptr);
-				if(!strcmp(authinfo->username,""))
 					authinfo->authenticated=FALSE;
-				else
-					authinfo->authenticated=TRUE;
-			        }
+				}
+				else{
+					authinfo->username=(char *)malloc(strlen(temp_ptr)+1);
+					if(authinfo->username==NULL)
+						authinfo->username="";
+					else
+						strcpy(authinfo->username,temp_ptr);
+					if(!strcmp(authinfo->username,""))
+						authinfo->authenticated=FALSE;
+					else
+						authinfo->authenticated=TRUE;
+				}
+		        }
 
 			else if(strstr(input,"authorized_for_all_hosts=")==input){
 				temp_ptr=strtok(input,"=");
 				while((temp_ptr=strtok(NULL,","))){
 					if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
 						authinfo->authorized_for_all_hosts=TRUE;
-				        }
 			        }
+		        }
 			else if(strstr(input,"authorized_for_all_services=")==input){
 				temp_ptr=strtok(input,"=");
 				while((temp_ptr=strtok(NULL,","))){
 					if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
 						authinfo->authorized_for_all_services=TRUE;
-				        }
 			        }
+		        }
 			else if(strstr(input,"authorized_for_system_information=")==input){
 				temp_ptr=strtok(input,"=");
 				while((temp_ptr=strtok(NULL,","))){
 					if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
 						authinfo->authorized_for_system_information=TRUE;
-				        }
 			        }
+		        }
 			else if(strstr(input,"authorized_for_configuration_information=")==input){
 				temp_ptr=strtok(input,"=");
 				while((temp_ptr=strtok(NULL,","))){
 					if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
 						authinfo->authorized_for_configuration_information=TRUE;
-				        }
 			        }
+		        }
 			else if(strstr(input,"authorized_for_all_host_commands=")==input){
 				temp_ptr=strtok(input,"=");
 				while((temp_ptr=strtok(NULL,","))){
 					if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
 						authinfo->authorized_for_all_host_commands=TRUE;
-				        }
 			        }
+		        }
 			else if(strstr(input,"authorized_for_all_service_commands=")==input){
 				temp_ptr=strtok(input,"=");
 				while((temp_ptr=strtok(NULL,","))){
 					if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
 						authinfo->authorized_for_all_service_commands=TRUE;
-				        }
 			        }
+		        }
 			else if(strstr(input,"authorized_for_system_commands=")==input){
 				temp_ptr=strtok(input,"=");
 				while((temp_ptr=strtok(NULL,","))){
 					if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
 						authinfo->authorized_for_system_commands=TRUE;
-				        }
 			        }
+		        }
 			else if(strstr(input,"authorized_for_read_only=")==input){
                                 temp_ptr=strtok(input,"=");
                                 while((temp_ptr=strtok(NULL,","))){
                                         if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
                                                 authinfo->authorized_for_read_only=TRUE;
-                                        }
-                                }
+                        	}
+                        }
 			else if(strstr(input,"authorization_config_file=")==input){
 				temp_ptr=strtok(input,"=");
 				temp_ptr=strtok(NULL,"\n");
 				if(temp_ptr!=NULL)
 					parse_authorization_config_file(temp_ptr, authinfo);
-				}
-		        }
+			}
+		}
 
 		/* free memory and close the file */
 		free(input);
 		mmap_fclose(thefile);
-	        }
+	}
 
 	if(authinfo->authenticated==TRUE)
 		return OK;
 	else
 		return ERROR;
-        }
+}
 
 /* parsing authorization configuration file */
 int parse_authorization_config_file(char* filename, authdata* authinfo){
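Review bot: In the `default_user_name=` branch, `authinfo->username` still ends up as either the string literal `""` (the new NULL-token path and the malloc-failure path) or a heap buffer, so later code cannot tell whether the field may be freed or written to. The REMOTE_USER path in the first hunk has the same mix, and a heap-allocated empty username from that path appears to be overwritten here without being freed. Because the branch is only entered when the username already compares equal to `""`, the NULL case needs no reassignment and can shrink to `if(temp_ptr==NULL) authinfo->authenticated=FALSE;`, ideally with a comment such as `/* default_user_name= has no value: request stays unauthenticated */` to record that this path fails closed. The token is used as-is up to the first comma, and any stripping of `input` happens above this hunk, so it is worth confirming that a whitespace-only value cannot become an authenticated username. get_authentication_information() begins outside the hunk.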




