File nagios-history_buffer_overflow.patch of Package nagios.openSUSE_12.1_Update

Index: nagios/cgi/history.c
===================================================================
--- nagios.orig/cgi/history.c
+++ nagios/cgi/history.c
@@ -805,16 +805,16 @@ void get_history(void) {
 			else if(display_type == DISPLAY_HOSTS) {
 
 				if(history_type == HOST_HISTORY || history_type == SERVICE_HISTORY) {
-					sprintf(match1, " HOST ALERT: %s;", host_name);
-					sprintf(match2, " SERVICE ALERT: %s;", host_name);
+					snprintf(match1, sizeof( match1)," HOST ALERT: %s;", host_name);
+					snprintf(match2, sizeof( match2)," SERVICE ALERT: %s;", host_name);
 					}
 				else if(history_type == HOST_FLAPPING_HISTORY || history_type == SERVICE_FLAPPING_HISTORY) {
-					sprintf(match1, " HOST FLAPPING ALERT: %s;", host_name);
-					sprintf(match2, " SERVICE FLAPPING ALERT: %s;", host_name);
+					snprintf(match1, sizeof( match1)," HOST FLAPPING ALERT: %s;", host_name);
+					snprintf(match2, sizeof( match2)," SERVICE FLAPPING ALERT: %s;", host_name);
 					}
 				else if(history_type == HOST_DOWNTIME_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY) {
-					sprintf(match1, " HOST DOWNTIME ALERT: %s;", host_name);
-					sprintf(match2, " SERVICE DOWNTIME ALERT: %s;", host_name);
+					snprintf(match1, sizeof( match1)," HOST DOWNTIME ALERT: %s;", host_name);
+					snprintf(match2, sizeof( match2)," SERVICE DOWNTIME ALERT: %s;", host_name);
 					}
 
 				if(show_all_hosts == TRUE)
@@ -853,11 +853,11 @@ void get_history(void) {
 			else if(display_type == DISPLAY_SERVICES) {
 
 				if(history_type == SERVICE_HISTORY)
-					sprintf(match1, " SERVICE ALERT: %s;%s;", host_name, svc_description);
+					snprintf(match1, sizeof( match1), " SERVICE ALERT: %s;%s;", host_name, svc_description);
 				else if(history_type == SERVICE_FLAPPING_HISTORY)
-					sprintf(match1, " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description);
+					snprintf(match1, sizeof( match1), " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description);
 				else if(history_type == SERVICE_DOWNTIME_HISTORY)
-					sprintf(match1, " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description);
+					snprintf(match1, sizeof( match1), " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description);
 
 				if(strstr(temp_buffer, match1) && (history_type == SERVICE_HISTORY || history_type == SERVICE_FLAPPING_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY))
 					display_line = TRUE;