[Fedora-directory-commits] ldapserver/ldap/admin/src/scripts template-repl-monitor-cgi.pl, 1.4, 1.4.2.1

[Noriko Hosoi (nhosoi)]

Author: nhosoi

Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4673/ldap/admin/src/scripts

Modified Files:
      Tag: Directory71RtmBranch
	template-repl-monitor-cgi.pl 
Log Message:
Resolves: RHSA-2008:0199
Description: A shell command injection flaw in the Red Hat Administration
Server replication monitor CGI script could be exploited by an attacker to
execute arbitrary shell commands with root privileges.



Index: template-repl-monitor-cgi.pl
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/Attic/template-repl-monitor-cgi.pl,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -r1.4 -r1.4.2.1
--- template-repl-monitor-cgi.pl	19 Apr 2005 22:07:00 -0000	1.4
+++ template-repl-monitor-cgi.pl	30 Apr 2008 18:28:25 -0000	1.4.2.1
@@ -40,33 +40,40 @@
 
 use Cgi;
 
-$params = "";
-$params .= " -h $cgiVars{'servhost'}" if $cgiVars{'servhost'};
-$params .= " -p $cgiVars{'servport'}" if $cgiVars{'servport'};
-$params .= " -f $cgiVars{'configfile'}" if $cgiVars{'configfile'};
-$params .= " -t $cgiVars{'refreshinterval'}" if $cgiVars{'refreshinterval'};
-if ($cgiVars{'admurl'}) {
-	$admurl = "$cgiVars{'admurl'}";
-	if ( $ENV{'QUERY_STRING'} ) {
-		$admurl .= "?$ENV{'QUERY_STRING'}";
-	}
-	elsif ( $ENV{'CONTENT_LENGTH'} ) {
-		$admurl .= "?$Cgi::CONTENT";
-	}
-	$params .= " -u \"$admurl\"";
-}
-$siteroot = $cgiVars{'siteroot'};
+ at ARGV = (); # clear it out
+my $configfile = $ENV{ADMSERV_ROOT} . "/replmon.conf";
+push @ARGV, '-f', $configfile;
+
+my $refreshinterval = $cgiVars{'refreshinterval'} ? int($cgiVars{'refreshinterval'}) : "300";
+push @ARGV, '-t', $refreshinterval;
+
+my $siteroot = $ENV{NETSITE_ROOT};
 $perl = "$siteroot/bin/slapd/admin/bin/perl";
 $ENV{'LD_LIBRARY_PATH'} = "$siteroot/lib:$siteroot/lib/nsPerl5.005_03/lib";
 
-# Save user-specified parameters as cookies in monreplication.properties.
-# Sync up with the property file so that monreplication2 is interval, and
-# monreplication3 the config file pathname.
-$propertyfile = "$siteroot/bin/admin/admin/bin/property/monreplication.properties";
-$edit1 = "s#monreplication2=.*#monreplication2=$cgiVars{'refreshinterval'}#;";
-$edit2 = "s#^monreplication3=.*#monreplication3=$cgiVars{'configfile'}#;";
-system("$perl -p -i.bak -e \"$edit1\" -e \"$edit2\" $propertyfile");
+my $admurl = "http://";
+if ($ENV{HTTPS} and (lc($ENV{HTTPS}) eq "on")) {
+    $admurl = "https://";
+}
+$admurl .= $ENV{HTTP_HOST} . $ENV{SCRIPT_NAME} . "?refreshinterval=$refreshinterval";
+push @ARGV, '-u', $admurl;
+
+if ($configfile and -f $configfile) {
+    # have to grab the first host from it
+    if (open(CONFFILE, $configfile)) {
+        while (<CONFFILE>) {
+            next if (/^\#/); # skip comments
+            next if (/^\s*$/); # skip blank lines
+            next if (/^\[/); # skip sections
+            my ($host, $port, $rest) = split(/:/);
+            push @ARGV, '-h', $host;
+            push @ARGV, '-p', $port;
+            last;
+        }
+        close CONFFILE;
+    }
+}
 
 # Now the real work
 $replmon = "$siteroot/bin/slapd/admin/scripts/template-repl-monitor.pl";
-system("$perl $replmon $params");
+exec $perl, $replmon, @ARGV;