tyler.durden/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2025-11-24 07:33:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

DerefExpression: Add missing nullptr check

Browse Source 
Due to this missing check, evaluating a DSL expression can result in a null
dereference, crashing the Icinga 2 process. Given that API users can also
provide DSL expression as filters, this can be triggered over the network as
well.

This issue was assigned CVE-2025-61908.
This commit is contained in:
Julian Brost 2025-10-08 10:04:52 +02:00
parent beddc3ff93
commit a02a4594f4
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/config/expression.cpp
View File

@ -185,6 +185,10 @@ bool DerefExpression::GetReference(ScriptFrame& frame, bool init_dict, Value *pa
Reference::Ptr ref = operand.GetValue(); Reference::Ptr ref = operand.GetValue();
if (!ref) {
BOOST_THROW_EXCEPTION(ScriptError("Invalid reference specified.", GetDebugInfo()));
}
*parent = ref->GetParent(); *parent = ref->GetParent();
*index = ref->GetIndex(); *index = ref->GetIndex();
return true; return true;

4
test/config-ops.cpp
View File

@ -241,6 +241,10 @@ BOOST_AUTO_TEST_CASE(advanced)
expr = ConfigCompiler::CompileText("<test>", "{{ 3 }}"); expr = ConfigCompiler::CompileText("<test>", "{{ 3 }}");
func = expr->Evaluate(frame).GetValue(); func = expr->Evaluate(frame).GetValue();
BOOST_CHECK(func->Invoke() == 3); BOOST_CHECK(func->Invoke() == 3);
// Regression test for CVE-2025-61908
expr = ConfigCompiler::CompileText("<test>", "&*null");
BOOST_CHECK_THROW(expr->Evaluate(frame).GetValue(), ScriptError);
} }
BOOST_AUTO_TEST_SUITE_END() BOOST_AUTO_TEST_SUITE_END()