22 Jan
2015
22 Jan
'15
4:14 p.m.
Hi, spotted on 4.3.17 in production:
--- a/web/acknowledge.c
+++ b/web/acknowledge.c
@@ -289,7 +289,7 @@ int main(int argc, char *argv[])
 pcre *dummy;
 char *re;
- re = (char *)malloc(8 + strlen(pagename));
+ re = (char *)malloc(8 + 2*strlen(pagename));
 sprintf(re, "%s$|^%s/.+", pagename, pagename);
 dummy = compileregex(re);
 if (dummy) {
This might even deserve a CVE number, but as it's a seccgi, it's not widely exposed. Christoph -- cb at df7cb.de | http://www.df7cb.de/
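Review bot: The size in `malloc(8 + 2*strlen(pagename))` is still tied by hand to the format string of the `sprintf` on the next line, and the `malloc` result is written to without a NULL check. The new size does cover both copies of `pagename` plus the six literal characters and the terminator, but a later edit to the format would silently bring the overflow back. Deriving the length once and bounding the write keeps the two together: `size_t relen = 2*strlen(pagename) + sizeof("$|^/.+");`, then `re = malloc(relen);` with a NULL check, then `snprintf(re, relen, "%s$|^%s/.+", pagename, pagename);`. `pagename` also goes into the pattern unescaped, so if it is taken from the request (its origin is outside the hunk) regex metacharacters in it would change what `compileregex` matches. The rest of `main` lies outside the hunk, so whether `re` is freed cannot be checked from here.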