[Xymon] Xymon notifcations disappear due to base64 encoding

Ribeiro, Glauber glauber.ribeiro at experian.com
Fri Feb 6 17:26:35 CET 2015 

I'm not sure the problem is internally in xymon, but rather in the diversity of sources of the text that ends up in email bodies.

I think xymon should do some simple sanitization of alert texts (maybe a configuration item), to eliminate CRs (for benefit of email), but also characters that are not safe for HTML (for benefit of the browser). I wonder is a crafty person would be able to trick xymon into putting Javascript in an alert, by manipulating error messages.

g

-----Original Message-----
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Mark Felder
Sent: Friday, February 06, 2015 09:21
To: xymon at xymon.com
Subject: Re: [Xymon] Xymon notifcations disappear due to base64 encoding



On Thu, Feb 5, 2015, at 10:23, Ribeiro, Glauber wrote:
> More details:
> 
> In xymonserver.cfg, I have
> 
> #MAILC="mail"   
> MAILC="/usr/local/hobbit/server/mail_nocr.sh"    # Command used to send
> an e-mail with no subject
> MAIL="$MAILC -s"                                # Command used to send an
> e-mail with a subject
> 
> The mail_nocr.sh script is like this:
> 
> #! /bin/bash
> # 20130104 - glauber - get rid of CR in emails
> exec /usr/bin/tr -d '\015' | /bin/mail "$@"
> 
> 

Let's kill this in the code instead of resorting to hacks like this.

One or multiple of these instances of \r is bound to be the cause:

~/svn/xymon-code/xymond > grep '\\r' *
xymond.c:       if (sourcename) cause = strtok(NULL, "\r\n");
xymond.c:                       txtstart += strspn(txtstart, " \t\r\n");
xymond.c:       tok = strtok(buf, " \t\r\n");
xymond.c:       if (tok) tok = strtok(NULL, " \t\r\n");
xymond.c:               tok = strtok(NULL, " \t\r\n");
xymond.c:               ehost = bhost + strcspn(bhost, " \t\r\n");
xymond.c:                       bid = msg->buf + strcspn(msg->buf, "
\t\r\n"); bid += strspn(bid, " \t");
xymond.c:                       eid = bid + strcspn(bid, " \t\r\n");
xymond.c:               p = strtok(p, " \t\r\n");
xymond.c:               p = strtok(p, " \t\r\n");
xymond.c:               p = msg->buf + strcspn(msg->buf, "\r\n");
xymond.c:               if ((*p == '\r') || (*p == '\n')) {
xymond_channel.c:               hostname = inbuf + strcspn(inbuf,
"/|\r\n");
xymond_channel.c:                       hostend = hostname +
strcspn(hostname, "|\r\n");
xymond_client.c:        p = s + strcspn(s, "\r\n");
xymond_locator.c:       const char *delims = "|\r\n\t ";


JC, Henrik -- any ideas?
_______________________________________________
Xymon mailing list
Xymon at xymon.com
http://lists.xymon.com/mailman/listinfo/xymon

More information about the Xymon mailing list