[seanius at debian.org: Re: CVE-2006-2162: Buffer overflow in nagios]
Ethan Galstad
nagios at nagios.org
Sat May 13 00:22:44 CEST 2006
Good point. How does the attached patch look for fixing this? I may
have to release the patch standalone for a few days, as the SourceForge
CVS servers are currently offline (!).
sean finney wrote:
> hey ethan,
>
> On Thu, May 11, 2006 at 02:17:14PM -0500, Ethan Galstad wrote:
>> If the packet is greater than INT_MAX in size, then yes, the integer
>> would probably overflow and result in a negative size. The patch to the
>> Nagios CGI handles negative values for the Content-Length, so unless I'm
>> missing something, we should be okay. Someone please chime in if you
>> believe otherwise.
>
> try setting Content-Length to INT_MAX-1. because later:
>
> if(!(cgiinput=(char *)malloc(content_length+1))){
>
>
> sean
Ethan Galstad,
Nagios Developer
---
Email: nagios at nagios.org
Website: http://www.nagios.org
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: getcgi.patch
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20060512/87385dd7/attachment.ksh>
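
The point raised in the quoted reply, as an added example (this is not the attached getcgi.patch and not Nagios code): a sign check alone still lets a Content-Length near INT_MAX reach `malloc(content_length+1)`, so the header is parsed with range checking and held to an upper bound before any allocation. The names `parse_content_length`, `alloc_cgi_input` and the `MAX_CGI_INPUT` cap are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cap on accepted POST bodies; not a value taken from Nagios. */
#define MAX_CGI_INPUT (1024L * 1024L)

/* Parse a Content-Length header value.
 * Returns 0 and stores the length in *out on success, -1 on rejection. */
int parse_content_length(const char *value, size_t *out)
{
    char *end = NULL;
    long n;

    if (value == NULL || *value == '\0')
        return -1;
    errno = 0;
    n = strtol(value, &end, 10);
    if (errno == ERANGE || end == value || *end != '\0')
        return -1;              /* out of range for long, or not a plain number */
    if (n < 0 || n > MAX_CGI_INPUT)
        return -1;              /* negative, or larger than we will ever buffer */
    *out = (size_t)n;
    return 0;
}

/* Allocate a NUL-terminated buffer for the body, or NULL if the header is rejected. */
char *alloc_cgi_input(const char *content_length_header, size_t *len)
{
    char *buf;

    if (parse_content_length(content_length_header, len) != 0)
        return NULL;
    buf = malloc(*len + 1);     /* cannot wrap: *len <= MAX_CGI_INPUT */
    if (buf != NULL)
        buf[*len] = '\0';
    return buf;
}

int main(void)
{
    /* Constructed header values, including sizes near INT_MAX as in the thread. */
    const char *samples[] = { "128", "-1", "2147483646", "2147483647",
                              "99999999999999999999", "12abc" };
    size_t i, len;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s -> %s\n", samples[i],
               parse_content_length(samples[i], &len) == 0 ? "accepted" : "rejected");
    return 0;
}
```
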