Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
pacemaker.13547
pacemaker-crm_mon-CGI-bail-out-on-suspicious-ar...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File pacemaker-crm_mon-CGI-bail-out-on-suspicious-arguments.patch of Package pacemaker.13547
commit eaea6ba8493c7855b76e48e3d506840be3e687c5 Author: Jan Pokorný <jpokorny@redhat.com> Date: Fri Jul 14 16:13:12 2017 +0200 Med: crm_mon: make CGI bail out on suspicious arguments Also make it clear that the modes are now mutually exclusive in the help text. diff --git a/tools/crm_mon.c b/tools/crm_mon.c index 9b8a83a4c..c297dc99b 100644 --- a/tools/crm_mon.c +++ b/tools/crm_mon.c @@ -358,7 +358,7 @@ static struct crm_option long_options[] = { {"verbose", 0, 0, 'V', "\tIncrease debug output"}, {"quiet", 0, 0, 'Q', "\tDisplay only essential output" }, - {"-spacer-", 1, 0, '-', "\nModes:"}, + {"-spacer-", 1, 0, '-', "\nModes (mutually exclusive):"}, {"as-html", 1, 0, 'h', "\tWrite cluster status to the named html file"}, {"as-xml", 0, 0, 'X', "\t\tWrite cluster status as xml to stdout. This will enable one-shot mode."}, {"web-cgi", 0, 0, 'w', "\t\tWeb mode with output suitable for cgi"}, @@ -637,19 +637,24 @@ main(int argc, char **argv) if(optarg == NULL) { return crm_help(flag, EX_USAGE); } + argerr += (output_format != mon_output_console); output_format = mon_output_html; output_filename = strdup(optarg); umask(S_IWGRP | S_IWOTH); break; case 'X': + argerr += (output_format != mon_output_console); output_format = mon_output_xml; one_shot = TRUE; break; case 'w': + /* do not allow argv[0] and argv[1...] redundancy */ + argerr += (output_format != mon_output_console); output_format = mon_output_cgi; one_shot = TRUE; break; case 's': + argerr += (output_format != mon_output_console); output_format = mon_output_monitor; one_shot = TRUE; break; @@ -696,7 +701,17 @@ main(int argc, char **argv) } } - if (optind < argc) { + /* Extra sanity checks when in CGI mode */ + if (output_format == mon_output_cgi) { + argerr += (optind < argc); + argerr += (output_filename != NULL); + argerr += (xml_file != NULL); + argerr += (snmp_target != NULL); + argerr += (crm_mail_to != NULL); + argerr += (external_agent != NULL); + argerr += (daemonize == TRUE); /* paranoia */ + + } else if (optind < argc) { printf("non-option ARGV-elements: "); while (optind < argc) printf("%s ", argv[optind++]);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor