[Secure-testing-team] Bug#776007: buffer overrun in acknowledge.c(gi)

Christoph Berg christoph.berg at credativ.de
Thu Jan 22 16:19:25 UTC 2015


Source: xymon
Version: 4.3.17-1
Severity: grave
Tags: security patch pending

web/acknowledge.c uses a string twice in a format string, but only
allocates memory for one copy. The attached patch fixes this.

Christoph
-- 
cb at df7cb.de | http://www.df7cb.de/
-------------- next part --------------
--- a/web/acknowledge.c
+++ b/web/acknowledge.c
@@ -289,7 +289,7 @@ int main(int argc, char *argv[])
 					pcre *dummy;
 					char *re;
 
-					re = (char *)malloc(8 + strlen(pagename));
+					re = (char *)malloc(8 + 2*strlen(pagename));
 					sprintf(re, "%s$|^%s/.+", pagename, pagename);
 					dummy = compileregex(re);
 					if (dummy) {
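Review bot: the new size on the malloc line is still a hand-counted constant that has to track the format string on the following sprintf line, and sprintf itself is unbounded, so a later change to the format could reintroduce the overrun. The format "%s$|^%s/.+" contributes 6 literal characters plus the terminating NUL, so 8 + 2*strlen(pagename) is sufficient as written. Computing the length once into a size_t and passing that same value to both malloc and snprintf would keep the allocation and the write in sync. In the visible lines the malloc result is also passed straight to sprintf without a NULL check; adding one before the write would be worthwhile here.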

