Re: [Nagios-devel] Re: [[email protected]: Re: CVE-2006-2162: Buffer
Posted: Mon May 15, 2006 8:55 am
sean finney wrote:
> hey ethan,
>
> On Fri, May 12, 2006 at 05:22:44PM -0500, Ethan Galstad wrote:
>> Good point. How does the attached patch look for fixing this? I may
>> have to release the patch standalone for a few days, as the SourceForge
>> CVS servers are currently offline (!).
>
> fun...
>
> i believe the patch you give should prevent the problem from occurring.
>
> in debian, the patch we're using prints an error and returns error
> instead, which i think is slightly more optimal as i'm not sure what
> happens when the cgi script expects a content length different from what
> it's actually going to get. i'll attach what we're using for
> reference.
>
> the first patch (16_foo) is against 1.x and the second (10_foo) is
> against 2.x
>
>
> sean
Thanks Sean - I think your patches are better, since they cause the CGIs
to exit, so I'll apply them and release new versions of Nagios later
today. Thanks again to you and the other Debian folks!
Ethan Galstad,
Nagios Developer
---
Email: [email protected]
Website: http://www.nagios.org
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
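
The approach preferred in this thread (print an error and exit rather than carry on with a corrected content length), sketched as an added example; it is not code from the thread, from the Debian patches or from Nagios. The function name `parse_content_length`, the `MAX_BODY_LEN` cap and the sample values are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cap on the request body, chosen for this example. */
#define MAX_BODY_LEN 65536L

/*
 * Parse a CGI CONTENT_LENGTH value (assumed helper name).
 * Returns 0 and stores the length in *out only for a plain decimal
 * number in [0, MAX_BODY_LEN]; returns -1 for anything else so the
 * caller can print an error and exit instead of sizing a buffer.
 */
int parse_content_length(const char *value, size_t *out)
{
    char *end = NULL;
    long n;

    if (value == NULL || *value == '\0')
        return -1;                      /* variable absent or empty */
    if (*value < '0' || *value > '9')
        return -1;                      /* rejects '-', '+', whitespace */

    errno = 0;
    n = strtol(value, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                      /* overflow or trailing junk */
    if (n > MAX_BODY_LEN)
        return -1;                      /* larger than we will buffer */

    *out = (size_t)n;                   /* only written on success */
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from any real request. */
    const char *samples[] = { "128", "0", "-1", "99999999999999999999", "12abc", "" };
    size_t len, i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (parse_content_length(samples[i], &len) == 0)
            printf("\"%s\": accept, read %zu bytes\n", samples[i], len);
        else
            printf("\"%s\": reject, print error and exit\n", samples[i]);
    }
    return 0;
}
```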