Xymon Mailing List Archive

Core dump in showgraph.cgi with very large "service" name

3 messages in this thread

Jeremy Laidman · Mon, 9 May 2011 17:40:52 +1000
Hiya

One more bug that I can't track down where to fix.  If I go to a
"showgraph" page and change the "service" value to something
ludicrously large (2k or more), then showgraph.cgi dumps core.  It
happens at different places depending on the size of the value, so
presumably there's a buffer being filled by different things, and one
of them pushes it over the limit.  Sorry I couldn't be more help on
pinpointing the problem.

Cheers
Jeremy

Henrik Størner · Thu, 19 May 2011 15:55:27 +0200

Jeremy Laidman wrote:
> One more bug that I can't track down where to fix.  If I go to a
> "showgraph" page and change the "service" value to something
> ludicrously large (2k or more), then showgraph.cgi dumps core.

Fixed now. I've done a code audit of the web CGI's today, and fixed a 
bunch of potential problems with parameter handling.

I need to do some more testing to make sure it hasn't broken anything. 
After that, there will be a 4.3.4 release.


Regards,
Henrik

Jeremy Laidman · Sat, 21 May 2011 08:26:54 +1000

On Thu, May 19, 2011 at 11:55 PM, Henrik Størner <user-ce4a2c883f75@xymon.invalid> wrote:
> Fixed now. I've done a code audit of the web CGI's today, and fixed a bunch
> of potential problems with parameter handling.

Awesome, thanks.

Let me say how grateful I am that Xymon exists.  The excellent support
provided by you and the forum is a bonus.  In my experience, similar
"this is insecure" reports to commercial vendors get nowhere, and
take a long time to get there.

Cheers
Jeremy
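
A bounded way to assemble a path from the "service" parameter, in the spirit of the parameter-handling fixes mentioned in the thread (an added example, not code from Xymon or from the posters; the "<host>/<service>.rrd" layout, the 128-byte limit and all function names are assumptions). Every append is checked against the remaining space, so an oversized value is rejected no matter which piece would have pushed the buffer over its limit.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_PARAM_LEN 128  /* assumed upper bound for a host or service name */
/* Accept a parameter only if it is short and uses a conservative character set. */
static int param_ok(const char *v)
{
    size_t len = v ? strlen(v) : 0;
    if (len == 0 || len > MAX_PARAM_LEN || v[0] == '.') return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)v[i];
        if (!isalnum(c) && c != '-' && c != '_' && c != '.') return 0;
    }
    return 1;
}

/* Append src to the string in dst (capacity cap); -1 if it does not fit. */
static int append_bounded(char *dst, size_t cap, const char *src)
{
    size_t used = strlen(dst), need = strlen(src);
    if (need >= cap - used) return -1;   /* keep room for the NUL */
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* Build "<host>/<service>.rrd" (hypothetical layout, not Xymon's). 0 on success, -1 with out emptied. */
int build_graph_path(char *out, size_t cap, const char *host, const char *service)
{
    if (out == NULL || cap == 0) return -1;
    out[0] = '\0';
    if (!param_ok(host) || !param_ok(service)) return -1;
    if (append_bounded(out, cap, host) || append_bounded(out, cap, "/") ||
        append_bounded(out, cap, service) || append_bounded(out, cap, ".rrd")) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[64], big[2049];
    memset(big, 'A', sizeof big - 1);   /* constructed 2 KB "service" value */
    big[sizeof big - 1] = '\0';
    printf("normal: %d\n", build_graph_path(path, sizeof path, "web01", "disk"));
    printf("2k service: %d\n", build_graph_path(path, sizeof path, "web01", big));
    return 0;
}
```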