Overview

File nagios-CVE-2013-7108.patch of Package nagios.openSUSE_13.1_Update

Index: nagios/cgi/avail.c
===================================================================
--- nagios.orig/cgi/avail.c
+++ nagios/cgi/avail.c
@@ -1141,7 +1141,6 @@ int process_cgivars(void) {
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
Index: nagios/cgi/config.c
===================================================================
--- nagios.orig/cgi/config.c
+++ nagios/cgi/config.c
@@ -386,7 +386,6 @@ int process_cgivars(void) {
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
Index: nagios/cgi/extinfo.c
===================================================================
--- nagios.orig/cgi/extinfo.c
+++ nagios/cgi/extinfo.c
@@ -651,7 +651,6 @@ int process_cgivars(void) {
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
Index: nagios/cgi/histogram.c
===================================================================
--- nagios.orig/cgi/histogram.c
+++ nagios/cgi/histogram.c
@@ -1069,7 +1069,6 @@ int process_cgivars(void) {
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
Index: nagios/cgi/notifications.c
===================================================================
--- nagios.orig/cgi/notifications.c
+++ nagios/cgi/notifications.c
@@ -358,7 +358,6 @@ int process_cgivars(void) {
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
Index: nagios/cgi/outages.c
===================================================================
--- nagios.orig/cgi/outages.c
+++ nagios/cgi/outages.c
@@ -269,7 +269,6 @@ int process_cgivars(void) {
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
Index: nagios/cgi/status.c
===================================================================
--- nagios.orig/cgi/status.c
+++ nagios/cgi/status.c
@@ -600,7 +600,6 @@ int process_cgivars(void) {
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
Index: nagios/cgi/statusmap.c
===================================================================
--- nagios.orig/cgi/statusmap.c
+++ nagios/cgi/statusmap.c
@@ -407,7 +407,6 @@ int process_cgivars(void) {
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
Index: nagios/cgi/statuswml.c
===================================================================
--- nagios.orig/cgi/statuswml.c
+++ nagios/cgi/statuswml.c
@@ -235,8 +235,13 @@ int process_cgivars(void) {
 
 	for(x = 0; variables[x] != NULL; x++) {
 
+		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+			continue;
+			}
+
 		/* we found the hostgroup argument */
-		if(!strcmp(variables[x], "hostgroup")) {
+		else if(!strcmp(variables[x], "hostgroup")) {
 			display_type = DISPLAY_HOSTGROUP;
 			x++;
 			if(variables[x] == NULL) {
Index: nagios/cgi/summary.c
===================================================================
--- nagios.orig/cgi/summary.c
+++ nagios/cgi/summary.c
@@ -761,7 +761,6 @@ int process_cgivars(void) {
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
Index: nagios/cgi/trends.c
===================================================================
--- nagios.orig/cgi/trends.c
+++ nagios/cgi/trends.c
@@ -1271,7 +1271,6 @@ int process_cgivars(void) {
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
Index: nagios/contrib/daemonchk.c
===================================================================
--- nagios.orig/contrib/daemonchk.c
+++ nagios/contrib/daemonchk.c
@@ -174,7 +174,6 @@ static int process_cgivars(void) {
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 		}
openSUSE Build Service is sponsored by
Places