File CVE-2014-4165.patch of Package ntop.openSUSE_13.1_Update
--- ntop-5.0.2/plugins/rrdPlugin.c
+++ ntop-5.0.2/plugins/rrdPlugin.c
@@ -4025,6 +4025,7 @@ static void handleRRDHTTPrequest(char* u
#endif
time_t now = time(NULL);
char rrd_height[RRD_GRAPH_SIZE], rrd_width[RRD_GRAPH_SIZE];
+ size_t j;
if(initialized == 0)
commonRRDinit();
@@ -4136,6 +4137,11 @@ static void handleRRDHTTPrequest(char* u
len = (int)strlen(rrdCounter);
for(i=0; i<len; i++) if(rrdCounter[i] == '+') rrdCounter[i] = ' ';
} else if(strcmp(key, "title") == 0) {
+ for( j=0; j<strlen( value ); j++ ) {
+ if ( !isalpha( value[j] ) && !isdigit( value[j] ) && value[j] != ':' ) {
+ value[j]=' ';
+ }
+ }
unescape(rrdTitle, sizeof(rrdTitle), value);
} else if(strcmp(key, "start") == 0) {
safe_snprintf(__FILE__, __LINE__, startTime, sizeof(startTime), "%s", value);
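Review bot: In the added `title` loop, `value[j]` reaches `isalpha()`/`isdigit()` as a plain `char`, which is undefined behaviour for request bytes >= 0x80 on platforms where `char` is signed. In a non-C locale such bytes may also be classified as alphabetic and slip through the allow-list. I would write the test as `unsigned char c = (unsigned char)value[j];` followed by `if(!isalnum(c) && c != ':') value[j] = ' ';`, and loop with `for(j = 0; value[j] != '\0'; j++)` so `strlen()` is not re-run on attacker-sized input every iteration. The filter is safe ahead of `unescape()` only because `%` and `+` are themselves blanked, so a comment such as `/* allow-list runs before unescape(): '%' is blanked, so nothing encoded can be decoded into rrdTitle */` would stop a later reorder from reopening the hole. `handleRRDHTTPrequest` starts and ends outside this hunk, so whether `<ctype.h>` is included and how `rrdTitle` is later emitted cannot be confirmed from here.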