upstream/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2026-02-18 18:19:13 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

DerefExpression: Add missing nullptr check

Browse source 
Due to this missing check, evaluating a DSL expression can result in a null
dereference, crashing the Icinga 2 process. Given that API users can also
provide DSL expression as filters, this can be triggered over the network as
well.

This issue was assigned CVE-2025-61908.
This commit is contained in:
Julian Brost 2025-10-08 10:04:52 +02:00
parent 332c2be32a
commit 0dadce2b97
2 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/config/expression.cpp
View file

@ -187,6 +187,10 @@ bool DerefExpression::GetReference(ScriptFrame& frame, bool init_dict, Value *pa
Reference::Ptr ref = operand.GetValue();
if (!ref) {
BOOST_THROW_EXCEPTION(ScriptError("Invalid reference specified.", GetDebugInfo()));
}
*parent = ref->GetParent();
*index = ref->GetIndex();
return true;

4
test/config-ops.cpp
View file

@ -242,6 +242,10 @@ BOOST_AUTO_TEST_CASE(advanced)
expr = ConfigCompiler::CompileText("<test>", "{{ 3 }}");
func = expr->Evaluate(frame).GetValue();
BOOST_CHECK(func->Invoke() == 3);
// Regression test for CVE-2025-61908
expr = ConfigCompiler::CompileText("<test>", "&*null");
BOOST_CHECK_THROW(expr->Evaluate(frame).GetValue(), ScriptError);
}
BOOST_AUTO_TEST_CASE(sandboxed_ticket_salt)