munin/munin-CVE-2012-2147.patch

diff --git a/common/lib/Munin/Common/Config.pm b/common/lib/Munin/Common/Config.pm
index 81b1dc8..76ff088 100644
--- a/common/lib/Munin/Common/Config.pm
+++ b/common/lib/Munin/Common/Config.pm
@@ -37,6 +37,7 @@ my %legal = map { $_ => 1 } (
 	"cdef_name", "graphable", "process", "realname",
 	"onlynullcdef", "group_order", "pipe", "pipe_command",
 	"unknown_limit", "num_unknowns", "dropdownlimit",
+	"max_size_x", "max_size_y",
 	"max_graph_jobs", "max_cgi_graph_jobs", "munin_cgi_graph_jobs",
         "max_html_jobs", "num_messages");
 
diff --git a/master/_bin/munin-cgi-graph.in b/master/_bin/munin-cgi-graph.in
index 72a13ba..f09ca17 100755
--- a/master/_bin/munin-cgi-graph.in
+++ b/master/_bin/munin-cgi-graph.in
@@ -265,6 +265,22 @@ sub verify_parameters
 			exit 1;
 		}
 	}
+
+       # Checks the image size requested.
+       if (( CGI::param("size_x") || "") =~ m/^(\d+)/) {
+               my $max_size_x = ( $config->{max_size_x} || 4000);
+               if ($1 > $max_size_x) {
+                       print STDERR "Warning: Asked image size x too large : $1 > $max_size_x. Bailing out.\n";
+                       exit 1;
+               }
+       }
+       if (( CGI::param("size_y") || "") =~ m/^(\d+)/) {
+               my $max_size_y = ($config->{max_size_y} || 4000);
+               if ($1 > $max_size_y) {
+                       print STDERR "Warning: Asked image size y too large : $1 > $max_size_y. Bailing out.\n";
+                       exit 1;
+               }
+       }
 }
- update to bugfix release 1.4.7 - fixed CVE-2012-2147 (bnc#759910) - new upstream version <1.4.5> * bugfix release - new upstream version <1.4.4> - new upstream release <1.4.3> - new upstream release <1.4.2> - new upstream release <1.4.1> - new upstream release <1.4.0> - add UTF8 patch - new upstream release <1.2.6> - new upstream release <1.2.5> - Fixed missing /sbin/rcmunin-node - First build for packman - 1.2.3 release - 1.2.2 release - Fixed SF bug 1164481 (missing /srv/www/htdocs/munin) OBS-URL: https://build.opensuse.org/package/show/server:monitoring/munin?expand=0&rev=2 2012-05-03 15:10:52 +00:00			`diff --git a/common/lib/Munin/Common/Config.pm b/common/lib/Munin/Common/Config.pm`
			`index 81b1dc8..76ff088 100644`
			`--- a/common/lib/Munin/Common/Config.pm`
			`+++ b/common/lib/Munin/Common/Config.pm`
			`@@ -37,6 +37,7 @@ my %legal = map { $_ => 1 } (`
			`"cdef_name", "graphable", "process", "realname",`
			`"onlynullcdef", "group_order", "pipe", "pipe_command",`
			`"unknown_limit", "num_unknowns", "dropdownlimit",`
			`+ "max_size_x", "max_size_y",`
			`"max_graph_jobs", "max_cgi_graph_jobs", "munin_cgi_graph_jobs",`
			`"max_html_jobs", "num_messages");`

			`diff --git a/master/_bin/munin-cgi-graph.in b/master/_bin/munin-cgi-graph.in`
			`index 72a13ba..f09ca17 100755`
			`--- a/master/_bin/munin-cgi-graph.in`
			`+++ b/master/_bin/munin-cgi-graph.in`
			`@@ -265,6 +265,22 @@ sub verify_parameters`
			`exit 1;`
			`}`
			`}`
			`+`
			`+ # Checks the image size requested.`
			`+ if (( CGI::param("size_x") \|\| "") =~ m/^(\d+)/) {`
			`+ my $max_size_x = ( $config->{max_size_x} \|\| 4000);`
			`+ if ($1 > $max_size_x) {`
			`+ print STDERR "Warning: Asked image size x too large : $1 > $max_size_x. Bailing out.\n";`
			`+ exit 1;`
			`+ }`
			`+ }`
			`+ if (( CGI::param("size_y") \|\| "") =~ m/^(\d+)/) {`
			`+ my $max_size_y = ($config->{max_size_y} \|\| 4000);`
			`+ if ($1 > $max_size_y) {`
			`+ print STDERR "Warning: Asked image size y too large : $1 > $max_size_y. Bailing out.\n";`
			`+ exit 1;`
			`+ }`
			`+ }`
			`}`