Diffstat (limited to 'main/nagios/cgi-pairlist-truncation-fix.patch')
-rw-r--r--main/nagios/cgi-pairlist-truncation-fix.patch14
1 files changed, 14 insertions, 0 deletions
diff --git a/main/nagios/cgi-pairlist-truncation-fix.patch b/main/nagios/cgi-pairlist-truncation-fix.patch
new file mode 100644
index 0000000000..00719d2705
--- /dev/null
+++ b/main/nagios/cgi-pairlist-truncation-fix.patch
@@ -0,0 +1,14 @@
+diff -urN nagios-4.4.6.orig/cgi/getcgi.c nagios-4.4.6/cgi/getcgi.c
+--- nagios-4.4.6.orig/cgi/getcgi.c 2021-03-12 18:00:28.712911163 -0700
++++ nagios-4.4.6/cgi/getcgi.c 2021-03-12 18:02:09.746892595 -0700
+@@ -245,7 +245,9 @@
+ formid = strstr(cookies, "NagFormId=");
+ if (formid) {
+ if(!(paircount % 256)) {
+- pairlist = (char **)realloc(pairlist, (paircount + 1) * sizeof(char *));
++ /* if no query parameters were provided, paircount can begin as zero, resulting in */
++ /* truncation of the pairlist array if we do not reserve at least two elements. */
++ pairlist = (char **)realloc(pairlist, (paircount + 2) * sizeof(char *));
+ if(pairlist == NULL) {
+ printf("getcgivars(): Could not re-allocate memory for name-value pairlist.\n");
+ exit(1);
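Review bot: The new comment in the `if(!(paircount % 256))` branch does not say what the two reserved elements are for, so the `+ 2` reads as a magic number; it presumably covers the NagFormId entry plus a list terminator, both of which are written outside this hunk. If that is right, the one-element allocation let a request with a cookie but no query parameters cause a write past the end of a heap buffer, which is worth stating more plainly than "truncation". I would word it as `/* reserve two slots: the NagFormId entry and the list terminator; with paircount == 0 a one-element realloc leaves no room for the terminator */`. The realloc also sizes the array to exactly `paircount + 2` rather than growing it, so it is worth confirming against the rest of the function that nothing else is appended after this branch. The patch file has no header recording its origin or upstream status, which would help when deciding whether it can be dropped on the next version bump.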