22 Jan 2015, 9:36 p.m.
On Thu, January 22, 2015 8:14 am, Christoph Berg wrote:
Hi,
spotted on 4.3.17 in production:
--- a/web/acknowledge.c +++ b/web/acknowledge.c @@ -289,7 +289,7 @@ int main(int argc, char *argv[]) pcre *dummy; char *re;
- re = (char *)malloc(8 + strlen(pagename)); + re = (char *)malloc(8 + 2*strlen(pagename)); sprintf(re, "%s$|^%s/.+", pagename, pagename); dummy = compileregex(re); if (dummy) {
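Review bot: the sprintf into re right after the resized malloc is still unbounded, so the buffer size and the format string "%s$|^%s/.+" can drift apart again the way they did before this change. Compute the length once (2*strlen(pagename) plus the 6 literal characters and the terminating NUL), pass that same value to snprintf, and check the malloc return before writing to re. Separately, pagename is placed into the pattern unescaped before compileregex(re), so any regex metacharacters in it change what the expression matches; either escape it or document that page names cannot contain them.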
This might even deserve a CVE number, but as it's a seccgi, it's not widely exposed.
Christoph --
This is fixed in (unreleased) 4.3.18, via https://sourceforge.net/p/xymon/code/7483.
Originally reported http://lists.xymon.com/pipermail/xymon/2014-August/040003.html

HTH,
-jc