Overview

File nagios-CVE-2014-1878.patch of Package nagios.2698

Index: nagios/cgi/cmd.c
===================================================================
--- nagios.orig/cgi/cmd.c
+++ nagios/cgi/cmd.c
@@ -1923,14 +1923,14 @@ static int cmd_submitf(int id, const cha
 		return ERROR;
 
 	len = snprintf(cmd, sizeof(cmd) - 1, "[%lu] %s;", time(NULL), command);
-	if(len < 0)
+	if(len < 0 || len >= sizeof(cmd))
 		return ERROR;
 
 	if(fmt) {
 		va_start(ap, fmt);
 		len2 = vsnprintf(&cmd[len], sizeof(cmd) - len - 1, fmt, ap);
 		va_end(ap);
-		if(len2 < 0)
+		if(len2 < 0 || len2 >= sizeof(cmd) - len)
 			return ERROR;
 		}
openSUSE Build Service is sponsored by
Places