aboutsummaryrefslogtreecommitdiffstats
path: root/main/nagios/CVE-2012-6096.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/nagios/CVE-2012-6096.patch')
-rw-r--r--main/nagios/CVE-2012-6096.patch42
1 files changed, 42 insertions, 0 deletions
diff --git a/main/nagios/CVE-2012-6096.patch b/main/nagios/CVE-2012-6096.patch
new file mode 100644
index 0000000000..1ce1790bab
--- /dev/null
+++ b/main/nagios/CVE-2012-6096.patch
@@ -0,0 +1,42 @@
+diff --git a/cgi/history.c b/cgi/history.c
+index 23c1146..9e018db 100644
+--- a/cgi/history.c
++++ b/cgi/history.c
+@@ -805,16 +805,16 @@ void get_history(void){
+ else if(display_type==DISPLAY_HOSTS){
+
+ if(history_type==HOST_HISTORY || history_type==SERVICE_HISTORY){
+- sprintf(match1," HOST ALERT: %s;",host_name);
+- sprintf(match2," SERVICE ALERT: %s;",host_name);
++ snprintf(match1, sizeof(match1), " HOST ALERT: %s;",host_name);
++ snprintf(match2, sizeof(match2), " SERVICE ALERT: %s;",host_name);
+ }
+ else if(history_type==HOST_FLAPPING_HISTORY || history_type==SERVICE_FLAPPING_HISTORY){
+- sprintf(match1," HOST FLAPPING ALERT: %s;",host_name);
+- sprintf(match2," SERVICE FLAPPING ALERT: %s;",host_name);
++ snprintf(match1, sizeof(match1), " HOST FLAPPING ALERT: %s;",host_name);
++ snprintf(match2, sizeof(match2), " SERVICE FLAPPING ALERT: %s;",host_name);
+ }
+ else if(history_type==HOST_DOWNTIME_HISTORY || history_type==SERVICE_DOWNTIME_HISTORY){
+- sprintf(match1," HOST DOWNTIME ALERT: %s;",host_name);
+- sprintf(match2," SERVICE DOWNTIME ALERT: %s;",host_name);
++ snprintf(match1, sizeof(match1), " HOST DOWNTIME ALERT: %s;",host_name);
++ snprintf(match2, sizeof(match2), " SERVICE DOWNTIME ALERT: %s;",host_name);
+ }
+
+ if(show_all_hosts==TRUE)
+@@ -853,11 +853,11 @@ void get_history(void){
+ else if(display_type==DISPLAY_SERVICES){
+
+ if(history_type==SERVICE_HISTORY)
+- sprintf(match1," SERVICE ALERT: %s;%s;",host_name,svc_description);
++ snprintf(match1, sizeof(match1), " SERVICE ALERT: %s;%s;",host_name,svc_description);
+ else if(history_type==SERVICE_FLAPPING_HISTORY)
+- sprintf(match1," SERVICE FLAPPING ALERT: %s;%s;",host_name,svc_description);
++ snprintf(match1, sizeof(match1), " SERVICE FLAPPING ALERT: %s;%s;",host_name,svc_description);
+ else if(history_type==SERVICE_DOWNTIME_HISTORY)
+- sprintf(match1," SERVICE DOWNTIME ALERT: %s;%s;",host_name,svc_description);
++ snprintf(match1, sizeof(match1), " SERVICE DOWNTIME ALERT: %s;%s;",host_name,svc_description);
+
+ if(strstr(temp_buffer,match1) && (history_type==SERVICE_HISTORY || history_type==SERVICE_FLAPPING_HISTORY || history_type==SERVICE_DOWNTIME_HISTORY))
+ display_line=TRUE;