[Xymon] acknowledge.c(gi) buffer overrun

J.C. Cleaver cleaver at terabithia.org
Thu Jan 22 22:36:48 CET 2015


On Thu, January 22, 2015 8:14 am, Christoph Berg wrote:
> Hi,
>
> spotted on 4.3.17 in production:
>
> --- a/web/acknowledge.c
> +++ b/web/acknowledge.c
> @@ -289,7 +289,7 @@ int main(int argc, char *argv[])
>  					pcre *dummy;
>  					char *re;
>
> -					re = (char *)malloc(8 + strlen(pagename));
> +					re = (char *)malloc(8 + 2*strlen(pagename));
>  					sprintf(re, "%s$|^%s/.+", pagename, pagename);
>  					dummy = compileregex(re);
>  					if (dummy) {
>
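Review bot: the sprintf following the resized malloc is still unbounded, and its safety depends on the hand-counted constant 8 matching the format string "%s$|^%s/.+". That string has 6 literal characters plus the terminating NUL, so 8 + 2*strlen(pagename) is sufficient as written, but any later change to the format can reintroduce the overrun. Suggest computing the length once into a size_t and calling snprintf(re, len, "%s$|^%s/.+", pagename, pagename) instead. The malloc result is also passed to sprintf without a NULL check in the visible lines.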
> This might even deserve a CVE number, but as it's a seccgi, it's
> not widely exposed.
>
> Christoph
> --



This is fixed in (unreleased) 4.3.18, via
https://sourceforge.net/p/xymon/code/7483.

Originally reported
http://lists.xymon.com/pipermail/xymon/2014-August/040003.html


HTH,
-jc



