[rrd-developers] [Mario.Holbe at RZ.TU-Ilmenau.DE: Bug#243794: rrdcgi: doesn't handle quotes]
Matt Zimmerman
mdz at debian.org
Wed Apr 14 23:59:13 MEST 2004
----- Forwarded message from Mario 'BitKoenig' Holbe <Mario.Holbe at RZ.TU-Ilmenau.DE> -----
Date: Wed, 14 Apr 2004 23:41:12 +0200
From: Mario 'BitKoenig' Holbe <Mario.Holbe at RZ.TU-Ilmenau.DE>
Resent-From: "Mario 'BitKoenig' Holbe" <Mario.Holbe at RZ.TU-Ilmenau.DE>
To: submit at bugs.debian.org
Subject: Bug#243794: rrdcgi: doesn't handle quotes
Package: rrdtool
Version: 1.0.46-3
Hello,
rrdcgi doesn't respect/handle quotes, not even its own ones.
I tried to write some cgi script that gets the name of
the rrd database to use from a cgi variable:
http://.../script.cgi?file=foo.rrd
<RRD::GRAPH /tmp/foo.png -a PNG
--imginfo '<img src=/%s width=%lu height=%lu/>'
DEF:ds0=/tmp/<RRD::CV::PATH file>:ds0:AVERAGE
LINE2:ds0#0000ff>
should do the trick, /tmp/foo.rrd exists, but it gives me:
[ERROR: opening '/tmp/"foo.rrd"': No such file or directory]
Of course, one would use RRD::CV::PATH here, because
otherwise attackers could give insecure filenames. And
of course, /tmp/"foo.rrd" does not exist, but /tmp/foo.rrd
does :)
Something similar happens when I tried to give the data
source as variable:
http://.../script.cgi?ds=ds0
<RRD::GRAPH /tmp/foo.png -a PNG
--imginfo '<img src=/%s width=%lu height=%lu/>'
DEF:<RRD::CV::QUOTE ds>=/tmp/foo.rrd:<RRD::CV::QUOTE ds>:AVERAGE
LINE2:<RRD::CV::QUOTE ds>#0000ff>
it results in:
[ERROR: can't parse DEF '"ds0"=/tmp/foo.rrd:"ds0":AVERAGE']
And last but not least, when I try the example from
the manpage:
<RRD::GRAPH /tmp/foo-<RRD::CV::PATH id>.png -a PNG
--imginfo '<img src=/%s width=%lu height=%lu/>'
DEF:ds0=/tmp/foo.rrd:ds0:AVERAGE
LINE2:ds0#0000ff>
it creates a file whose name is /tmp/"ds0".png.
I hope this is enough input to reproduce it :)
regards,
Mario
--
Ho ho ho! I am Santa Claus of Borg. Nice assimilation all together!
----- End forwarded message -----
--
- mdz
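The report's underlying point is that a CGI value which ends up inside a file path or a DEF argument needs to be validated, not wrapped in literal double quotes. The following is an added example, not rrdtool's or rrdcgi's own code: a hypothetical sanitizer (cv_path_check, build_def, and the small helpers are all assumed names) that accepts only a bare filename from a conservative character set and splices it into "/tmp/<value>" unquoted, so the resulting DEF is one rrdtool can actually parse while directory separators and leading dots are still refused.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical replacement for the quoting the report complains about:
 * validate a CGI value destined for a path component instead of wrapping
 * it in double quotes. Returns 1 and copies the value into out when it is
 * acceptable, 0 when it is rejected. (Added example, not rrdtool code.) */
int cv_path_check(const char *value, char *out, size_t outlen)
{
    size_t n = strlen(value);
    if (n == 0 || n >= outlen)
        return 0;
    /* a bare filename must not select another directory or start with '.' */
    if (strchr(value, '/') || strchr(value, '\\') || value[0] == '.')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)value[i];
        /* conservative charset: letters, digits, '.', '-', '_' only,
         * which also rejects the stray '"' characters seen in the report */
        if (!(isalnum(c) || c == '.' || c == '-' || c == '_'))
            return 0;
    }
    memcpy(out, value, n + 1);
    return 1;
}

/* Convenience wrapper: 1 if the value passes cv_path_check, else 0. */
int cv_path_ok(const char *value)
{
    char tmp[64];
    return cv_path_check(value, tmp, sizeof tmp);
}

/* Build "DEF:<ds>=/tmp/<file>:<ds>:AVERAGE" from two CGI values.
 * Returns the number of characters written, or 0 if a value was rejected
 * or the buffer is too small. The DS name is held to the same rules here
 * (an assumption of this example, not rrdtool's actual DS name grammar). */
int build_def(const char *file_cv, const char *ds_cv, char *def, size_t deflen)
{
    char file[64], ds[64];
    if (!cv_path_check(file_cv, file, sizeof file))
        return 0;
    if (!cv_path_check(ds_cv, ds, sizeof ds))
        return 0;
    int w = snprintf(def, deflen, "DEF:%s=/tmp/%s:%s:AVERAGE", ds, file, ds);
    if (w < 0 || (size_t)w >= deflen)
        return 0;
    return w;
}

/* 1 if build_def accepts the inputs and yields exactly expected, else 0. */
int def_matches(const char *file_cv, const char *ds_cv, const char *expected)
{
    char def[256];
    if (!build_def(file_cv, ds_cv, def, sizeof def))
        return 0;
    return strcmp(def, expected) == 0;
}

int main(void)
{
    /* constructed sample inputs: the report's value, a quoted copy of it,
     * a value with a directory component, and one with a space */
    const char *cases[] = { "foo.rrd", "\"foo.rrd\"", "../other.rrd", "foo bar.rrd" };
    char def[256];
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        if (build_def(cases[i], "ds0", def, sizeof def))
            printf("accepted %-14s -> %s\n", cases[i], def);
        else
            printf("rejected %s\n", cases[i]);
    }
    return 0;
}
```

Only the first sample survives the check, and its DEF comes out as DEF:ds0=/tmp/foo.rrd:ds0:AVERAGE, the unquoted form rrdtool expects; the quoted variant from the report is rejected rather than silently becoming /tmp/"foo.rrd".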