Hi,
Via corekeeper (https://packages.debian.org/stable/corekeeper) I became aware of a segfault of confreport.cgi. I'm able to reproduce it (at least) in a fresh browser instance (all cookies removed), going to "Find host", searching for a non-existing host and then clicking on "Config Report (Critical)". It says "172 hosts included" (i.e. not just a single host as it happens if I searched for an existing host before) and then outputs most of the page, but ends in the middle of the alerts listing at line 8049 in the middle of a table:
<tr><td><font COLOR="#000000" FACE="Tahoma, Arial, Helvetica">079xxxxxxx at example.com (R)</font></td><td align=center>5m 1s </td><td align=center>-</td><td align=center>4h </td><td align=center>-</td><td>purple</td></tr> <tr><td valign=top rowspan=4 >ports</td><td><font COLOR="#000000" FACE="Tahoma, Arial, Helvetica">0765
At least in one of the cases it ended in the same line, but with "076 instead of 0765". So I suspect we hit some C string size limit once again.
I don't have a proper backtrace (yet), but I had look at the source code and I'm quite confident that the issue is inside the function print_alert_recipients() starting at lib/loadalerts.c, line 1124.
I suspect it's an overflow of the variable "buf". "l" seems large enough with 4kB.
Kind regards, Axel Beckert-- Axel Beckert <beckert at phys.ethz.ch> support: +41 44 633 26 68 IT Services Group, HPT H 6 voice: +41 44 633 41 89 Departement of Physics, ETH Zurich CH-8093 Zurich, Switzerland http://nic.phys.ethz.ch/