27 Jan
2011
27 Jan
'11
9:22 p.m.
In <649179590B7FBC46B67B68E6F2BCBEC705E8ABB7 at EX01.service.utwente.nl> <R.Biesbroek at icts.utwente.nl> writes:
In the source code of report.c and snapshot.c (in the map ./web) there is a declaration in the main function: "char htmldelim[20];". In the same main function we can find: " sprintf(htmldelim, "xymonrep-%u-%u", (int)getpid(), (unsigned int)getcurrenttime(NULL));"
Because the size of "char htmldelim[20];" is not sufficient enough (requires around 25 or so) this process will crash.
Thank You! Very nice catch - good to have this done before the 4.3.0 release.
There is also a potential crash that can be induced by feeding the report CGI a long "style" setting. I've fixed that as well in a commit just now.
Regards, Henrik