bevhost / rpms / mysql-mmm

Forked from rpms/mysql-mmm 6 years ago
Clone
Source Code
GIT

Files

  1.   d84a6099498bb732472e5f2f356e4d7a4bb2d79f
  2.   mysql-mmm-fix-cve-remote-command-injection.patch
Blob Blame History Raw 
diff --git a/lib/Agent/Helpers.pm b/lib/Agent/Helpers.pm
index 24caae8..c0155e4 100644
--- a/lib/Agent/Helpers.pm
+++ b/lib/Agent/Helpers.pm
@@ -168,6 +168,10 @@ sub _execute($$$) {
 	my $config_file		= $main::agent->config_file;
 	$params = '' unless defined($params);
 
+	if ($params !~ /^[\w\. \:\-]*$/) {
+		_exit_error("ERROR: Invalid Parameter");
+	}
+
 	DEBUG "Executing $path $config_file $params";
 	my $res = `$path $config_file $params 2>&1`;
 
diff --git a/lib/Agent/Helpers/Network.pm b/lib/Agent/Helpers/Network.pm
index 8ef4468..b0d5a8b 100644
--- a/lib/Agent/Helpers/Network.pm
+++ b/lib/Agent/Helpers/Network.pm
@@ -33,6 +33,10 @@ sub check_ip($$) {
 	my $if = shift;
 	my $ip = shift;
 
+	if ($ip !~ /^[\d\.]*$/) {
+		_exit_error("ERROR: Invalid IP Address");
+	}
+
 	my $output;
 	if ($OSNAME eq 'linux') {
 		$output = `/sbin/ip addr show dev $if`;
@@ -65,6 +69,10 @@ sub add_ip($$) {
 	my $if = shift;
 	my $ip = shift;
 
+	if ($ip !~ /^[\d\.]*$/) {
+		_exit_error("ERROR: Invalid IP Address");
+	}
+
 	my $output;
 	if ($OSNAME eq 'linux') {
 		$output = `/sbin/ip addr add $ip/32 dev $if`;
@@ -101,6 +109,10 @@ sub clear_ip($$) {
 	my $if = shift;
 	my $ip = shift;
 
+	if ($ip !~ /^[\d\.]*$/) {
+		_exit_error("ERROR: Invalid IP Address");
+	}
+
 	my $output;
 	if ($OSNAME eq 'linux') {
 		$output = `/sbin/ip addr del $ip/32 dev $if`;
@@ -130,6 +142,9 @@ sub send_arp($$) {
 	my $if = shift;
 	my $ip = shift;
 
+	if ($ip !~ /^[\d\.]*$/) {
+		_exit_error("ERROR: Invalid IP Address");
+	}
 
 	if ($OSNAME eq 'linux' || $OSNAME eq 'freebsd') {
 		my $mac = '';
diff --git a/lib/Common/Role.pm b/lib/Common/Role.pm
index 7cd4dc9..211ab5f 100644
--- a/lib/Common/Role.pm
+++ b/lib/Common/Role.pm
@@ -59,7 +59,7 @@ sub from_string($$) {
 	my $class	= shift;
 	my $string	= shift;
 
-	if (my ($name, $ip) = $string =~ /(.*)\((.*)\)/) {
+	if (my ($name, $ip) = $string =~ /^([\w_\.\-]+)\(([\d\.]+)\)$/) {
 		return $class->new(name => $name, ip => $ip);
 	}
 	return undef;
diff --git a/lib/Common/Socket.pm b/lib/Common/Socket.pm
index 6adecd1..38e1f7b 100644
--- a/lib/Common/Socket.pm
+++ b/lib/Common/Socket.pm
@@ -80,6 +80,7 @@ sub create_sender($$$) {
 			SSL_cert_file	=> $main::config->{'socket'}->{cert_file},
 			SSL_key_file	=> $main::config->{'socket'}->{key_file},
 			SSL_ca_file		=> $main::config->{'socket'}->{ca_file},
+			SSL_verify_mode => 0x03 # SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
 		);
 	}
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.