Protect user against bad regexps

author Jamie Cameron <jcameron@webmin.com>

Thu, 13 Nov 2008 18:51:48 +0000 (18:51 +0000)

committer Jamie Cameron <jcameron@webmin.com>

Thu, 13 Nov 2008 18:51:48 +0000 (18:51 +0000)
author Jamie Cameron <jcameron@webmin.com>
Thu, 13 Nov 2008 18:51:48 +0000 (18:51 +0000)
committer Jamie Cameron <jcameron@webmin.com>
Thu, 13 Nov 2008 18:51:48 +0000 (18:51 +0000)
diff --git a/status/http-monitor.pl b/status/http-monitor.pl

index c688064..28f61ef 100644 (file)
--- a/status/http-monitor.pl
+++ b/status/http-monitor.pl
@@ -42,9 +42,12 @@ eval {
                 while(defined($buf = &read_http_connection($con))) {
                         $data .= $buf;
                         }
-               if ($data !~ /$re/i) {
-                       $up = 0;
-                       }
+               eval {
+                       # Check for regexp match
+                       if ($data !~ /$re/i) {
+                               $up = 0;
+                               }
+                       };
                 }
  
         &close_http_connection($con);
diff --git a/status/proc-monitor.pl b/status/proc-monitor.pl

index 91dc734..9907b1c 100644 (file)
--- a/status/proc-monitor.pl
+++ b/status/proc-monitor.pl
@@ -7,7 +7,7 @@ local (@found, $count);
  return { 'up' => -1 } if (!&foreign_check("proc"));
  &foreign_require("proc", "proc-lib.pl");
  foreach $p (&foreign_call("proc", "list_processes")) {
-       if ($p->{'args'} =~ /$_[0]->{'cmd'}/i &&
+       if (eval { $p->{'args'} =~ /$_[0]->{'cmd'}/i } &&
             (!$_[0]->{'asuser'} || $_[0]->{'asuser'} eq $p->{'user'})) {
                 push(@found, $p->{'pid'});
                 $count++;
author	Jamie Cameron <jcameron@webmin.com>
	Thu, 13 Nov 2008 18:51:48 +0000 (18:51 +0000)
committer	Jamie Cameron <jcameron@webmin.com>
	Thu, 13 Nov 2008 18:51:48 +0000 (18:51 +0000)
status/http-monitor.pl		patch \| blob \| history
status/proc-monitor.pl		patch \| blob \| history