Index: src/libs/zbxsysinfo/sysinfo.c
===================================================================
--- src/libs/zbxsysinfo/sysinfo.c	(revision 40348)
+++ src/libs/zbxsysinfo/sysinfo.c	(working copy)
@@ -427,13 +427,49 @@
 	test_aliases();
 }
 
+static int	zbx_check_user_parameter(const char *param, char *error, int max_error_len)
+{
+	const char	suppressed_chars[] = "\\'\"`*?[]{}~$!&;()<>|#@\n", *c;
+	char		*buf = NULL;
+	size_t		buf_alloc = 128, buf_offset = 0;
+
+	if (0 != CONFIG_UNSAFE_USER_PARAMETERS)
+		return SUCCEED;
+
+	for (c = suppressed_chars; '\0' != *c; c++)
+	{
+		if (NULL == strchr(param, *c))
+			continue;
+
+		buf = zbx_malloc(buf, buf_alloc);
+
+		for (c = suppressed_chars; '\0' != *c; c++)
+		{
+			if (c != suppressed_chars)
+				zbx_strcpy_alloc(&buf, &buf_alloc, &buf_offset, ", ");
+
+			if (0 != isprint(*c))
+				zbx_chrcpy_alloc(&buf, &buf_alloc, &buf_offset, *c);
+			else
+				zbx_snprintf_alloc(&buf, &buf_alloc, &buf_offset, "0x%02x", *c);
+		}
+
+		zbx_snprintf(error, max_error_len, "special characters \"%s\" are not allowed in the parameters", buf);
+
+		zbx_free(buf);
+
+		return FAIL;
+	}
+
+	return SUCCEED;
+}
+
 static int	replace_param(const char *cmd, const char *param, char *out, int outlen, char *error, int max_error_len)
 {
 	int		ret = SUCCEED;
 	char		buf[MAX_STRING_LEN];
 	char		command[MAX_STRING_LEN];
 	char		*pl, *pr;
-	const char	suppressed_chars[] = "\\'\"`*?[]{}~$!&;()<>|#@", *c;
 
 	assert(out);
 
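Review bot: In zbx_check_user_parameter() the inner `for` that formats the error text reuses `c`, the outer loop's iterator, so the function is correct only because `return FAIL` follows unconditionally; if that return is ever moved or made conditional, the outer loop continues on a clobbered pointer. Detection can be a single call, `if (NULL == strpbrk(param, suppressed_chars)) return SUCCEED;`, which leaves one loop whose only job is to build the list. `isprint(*c)` and the `"0x%02x"` argument also receive a plain `char`; writing `(unsigned char)*c` keeps both well-defined if a byte above 0x7f is ever added to the list. The function also needs a header comment stating that this deny-list is the check applied before replace_param() splices a parameter into the command string, that it returns SUCCEED or FAIL with `error` filled on FAIL, and that a non-zero CONFIG_UNSAFE_USER_PARAMETERS bypasses it entirely.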
@@ -465,25 +501,10 @@
 			{
 				get_param(param, (int)(pr[1] - '0'), buf, sizeof(buf));
 
-				if (0 == CONFIG_UNSAFE_USER_PARAMETERS)
-				{
-					for (c = suppressed_chars; '\0' != *c; c++)
-					{
-						if (NULL != strchr(buf, *c))
-						{
-							zbx_snprintf(error, max_error_len, "Special characters '%s'"
-									" are not allowed in the parameters",
-									suppressed_chars);
-							ret = FAIL;
-							break;
-						}
-					}
-				}
+				if (SUCCEED != (ret = zbx_check_user_parameter(buf, error, max_error_len)))
+					break;
 			}
 
-			if (FAIL == ret)
-				break;
-
 			zbx_strlcat(out, buf, outlen);
 			outlen -= MIN((int)strlen(buf), (int)outlen);