From fde06b925a23dd33fef25f85f86729301d0d3c5f Mon Sep 17 00:00:00 2001
From: hkosaka
Date: Wed, 9 Jan 2013 11:16:52 +0000
Subject: [PATCH] 2013-01-09 Hirofumi Kosaka * lib/PandoraFMS/SNMPServer.pm: Made sure SNMP filter is valid before performing string matching. It could make Pandora Server down at worst. Merged from 4.0 branch.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@7389 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_server/ChangeLog | 6 ++++++
 pandora_server/lib/PandoraFMS/SNMPServer.pm | 7 +++++++
 2 files changed, 13 insertions(+)
diff --git a/pandora_server/ChangeLog b/pandora_server/ChangeLog
index 9a81fa0199..f001d4c6ca 100644
--- a/pandora_server/ChangeLog
+++ b/pandora_server/ChangeLog
@@ -1,3 +1,9 @@
+2013-01-09 Hirofumi Kosaka
+
+ * lib/PandoraFMS/SNMPServer.pm: Made sure SNMP filter is valid
+ before performing string matching. It could make Pandora Server
+ down at worst. Merged from 4.0 branch.
+
 2013-01-09 Juan Manuel Ramon
 
 * lib/PandoraFMS/PredictionServer.pm: Fixed prediction modules.
diff --git a/pandora_server/lib/PandoraFMS/SNMPServer.pm b/pandora_server/lib/PandoraFMS/SNMPServer.pm
index cf155f143d..c243f703bc 100644
--- a/pandora_server/lib/PandoraFMS/SNMPServer.pm
+++ b/pandora_server/lib/PandoraFMS/SNMPServer.pm
@@ -239,6 +239,13 @@ sub matches_filter ($$$) {
 my @filters = get_db_rows ($dbh, 'SELECT filter FROM tsnmp_filter');
 foreach my $filter (@filters) {
 my $regexp = safe_output($filter->{'filter'}) ;
+
+ # Check if $regexp begins with quantifier
+ if ($regexp =~ m/^[+*?]/ ) {
+ logger($pa_config, "Invalid SNMP filter. Quantifier follows nothing in regex '$regexp'.", 3);
+ next;
+ }
+
 if ($string =~ m/$regexp/i) {
 logger($pa_config, "Trap '$string' matches filter '$regexp'. Discarding...", 10);
 return 1;
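Review bot: The guard added before `m/$regexp/i` in matches_filter rejects only a filter that starts with `+`, `*` or `?`; any other malformed row from tsnmp_filter (an unclosed `(` or `[`, a trailing backslash, a nested quantifier) still dies when the pattern is compiled at the match, which is the server crash this commit sets out to prevent. Because the filter text is interpolated as a regex straight from the database, I would compile it once inside `eval`, log `$@` and skip the row on failure, instead of enumerating bad prefixes. Matching against the compiled `qr//i` object keeps the case-insensitive behaviour unchanged. matches_filter starts and ends outside this hunk, so the excerpt below shows only the rewritten lines.

```perl
		my $regexp = safe_output($filter->{'filter'}) ;

		# Compile inside eval so any invalid pattern is caught here
		# instead of dying at the match below.
		my $compiled = eval { qr/$regexp/i };
		if (!defined $compiled) {
			logger($pa_config, "Invalid SNMP filter '$regexp': $@", 3);
			next;
		}

		if ($string =~ $compiled) {
		# … unchanged: log the matching trap and return 1 …
```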