nagios-nrpe: Fix CVE-2020-6581

Backport fix for CVE-2020-6581 Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2025-07-19 12:50:22 +02:00 · 2020-04-30 16:48:15 -07:00 · 2020-04-30 16:48:15 -07:00 · 22e3282ee2
commit 22e3282ee2
parent 3b217da980
2 changed files with 31 additions and 0 deletions
--- a/recipes-extended/nagios/nagios-nrpe/0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch
+++ b/recipes-extended/nagios/nagios-nrpe/0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch
@ -0,0 +1,30 @@
+From 4f7dd1199f1f3f72f9197e8565da339a4a2490b7 Mon Sep 17 00:00:00 2001
+From: madlohe <swolf@nagios.com>
+Date: Thu, 23 Apr 2020 15:33:18 -0500
+Subject: [PATCH] Should fix #235 (nasty_metachars was not being returned when
+ specified in cfg file
+
+CVE: CVE-2020-6581
+Upstream Status: Backport [4f7dd1199f1f3f72f9197e8565da339a4a2490b7]
+
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ src/nrpe.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/nrpe.c b/src/nrpe.c
+index 01fbd1d..bf64963 100644
+--- a/src/nrpe.c
+++ b/src/nrpe.c
+@@ -823,6 +823,8 @@ char* process_metachars(const char* input)
+ 		}
+ 	}
+ 	copy[j] = '\0';
+
+	return copy;
+ }
+ 
+ /* read in the configuration file */
+-- 
+2.20.1
+
--- a/recipes-extended/nagios/nagios-nrpe_4.0.2.bb
+++ b/recipes-extended/nagios/nagios-nrpe_4.0.2.bb
@ -13,6 +13,7 @@ SRCNAME = "nrpe"
 SRC_URI = "https://github.com/NagiosEnterprises/nrpe/releases/download/${SRCNAME}-${PV}/${SRCNAME}-${PV}.tar.gz \
           file://check_nrpe.cfg \
           file://nagios-nrpe.service \
+           file://0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch \
 "

 SRC_URI[md5sum] = "37b9e23b3e8d75308f8b31f3b61ee8a4"