acknowledge.c(gi) buffer overrun

Hi,

spotted on 4.3.17 in production:

--- a/web/acknowledge.c
+++ b/web/acknowledge.c
@@ -289,7 +289,7 @@ int main(int argc, char *argv[])
 					pcre *dummy;
 					char *re;
 
-					re = (char *)malloc(8 + strlen(pagename));
+					re = (char *)malloc(8 + 2*strlen(pagename));
 					sprintf(re, "%s$|^%s/.+", pagename, pagename);
 					dummy = compileregex(re);
 					if (dummy) {

This might even deserve a CVE number, but as it's a seccgi, it's
not widely exposed.

Christoph
-- 
user-92157dbc91bf@xymon.invalid | http://www.df7cb.de/