Sophie: nagios-1:3.4.4-4.2.mga3 src

nagios-3.4.4-4.2.mga3.src.rpm

diff -Naur -x '*~' nagios-4.0.2/cgi/avail.c nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/avail.c
--- nagios-4.0.2/cgi/avail.c	2013-11-25 15:16:25.000000000 +0100
+++ nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/avail.c	2013-12-31 11:56:28.893703407 +0100
@@ -1096,7 +1096,6 @@
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
diff -Naur -x '*~' nagios-4.0.2/cgi/cmd.c nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/cmd.c
--- nagios-4.0.2/cgi/cmd.c	2013-11-25 15:16:25.000000000 +0100
+++ nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/cmd.c	2013-12-31 11:56:37.610888555 +0100
@@ -311,7 +311,6 @@
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
diff -Naur -x '*~' nagios-4.0.2/cgi/config.c nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/config.c
--- nagios-4.0.2/cgi/config.c	2013-11-25 15:16:25.000000000 +0100
+++ nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/config.c	2013-12-31 11:56:50.990171908 +0100
@@ -344,7 +344,6 @@
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
diff -Naur -x '*~' nagios-4.0.2/cgi/extinfo.c nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/extinfo.c
--- nagios-4.0.2/cgi/extinfo.c	2013-11-25 15:16:25.000000000 +0100
+++ nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/extinfo.c	2013-12-31 11:57:01.577395442 +0100
@@ -591,7 +591,6 @@
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
diff -Naur -x '*~' nagios-4.0.2/cgi/histogram.c nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/histogram.c
--- nagios-4.0.2/cgi/histogram.c	2013-11-25 15:16:25.000000000 +0100
+++ nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/histogram.c	2013-12-31 11:57:12.553626561 +0100
@@ -1060,7 +1060,6 @@
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
diff -Naur -x '*~' nagios-4.0.2/cgi/notifications.c nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/notifications.c
--- nagios-4.0.2/cgi/notifications.c	2013-11-25 15:16:25.000000000 +0100
+++ nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/notifications.c	2013-12-31 11:57:23.994866808 +0100
@@ -327,7 +327,6 @@
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
diff -Naur -x '*~' nagios-4.0.2/cgi/outages.c nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/outages.c
--- nagios-4.0.2/cgi/outages.c	2013-11-25 15:16:25.000000000 +0100
+++ nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/outages.c	2013-12-31 11:57:33.218059996 +0100
@@ -225,7 +225,6 @@
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
diff -Naur -x '*~' nagios-4.0.2/cgi/status.c nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/status.c
--- nagios-4.0.2/cgi/status.c	2013-11-25 15:16:25.000000000 +0100
+++ nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/status.c	2013-12-31 11:57:46.034327742 +0100
@@ -567,7 +567,6 @@
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
diff -Naur -x '*~' nagios-4.0.2/cgi/statusmap.c nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/statusmap.c
--- nagios-4.0.2/cgi/statusmap.c	2013-11-25 15:16:25.000000000 +0100
+++ nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/statusmap.c	2013-12-31 11:57:56.887553854 +0100
@@ -400,7 +400,6 @@
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
diff -Naur -x '*~' nagios-4.0.2/cgi/statuswml.c nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/statuswml.c
--- nagios-4.0.2/cgi/statuswml.c	2013-11-25 15:16:25.000000000 +0100
+++ nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/statuswml.c	2013-12-31 11:59:55.185087458 +0100
@@ -226,8 +226,13 @@
 
 	for(x = 0; variables[x] != NULL; x++) {
 
+		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+			continue;
+			}
+
 		/* we found the hostgroup argument */
-		if(!strcmp(variables[x], "hostgroup")) {
+		else if(!strcmp(variables[x], "hostgroup")) {
 			display_type = DISPLAY_HOSTGROUP;
 			x++;
 			if(variables[x] == NULL) {
diff -Naur -x '*~' nagios-4.0.2/cgi/summary.c nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/summary.c
--- nagios-4.0.2/cgi/summary.c	2013-11-25 15:16:25.000000000 +0100
+++ nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/summary.c	2013-12-31 11:59:02.192960840 +0100
@@ -725,7 +725,6 @@
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
diff -Naur -x '*~' nagios-4.0.2/cgi/trends.c nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/trends.c
--- nagios-4.0.2/cgi/trends.c	2013-11-25 15:16:25.000000000 +0100
+++ nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/cgi/trends.c	2013-12-31 11:59:10.742143660 +0100
@@ -1263,7 +1263,6 @@
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 
diff -Naur -x '*~' nagios-4.0.2/contrib/daemonchk.c nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/contrib/daemonchk.c
--- nagios-4.0.2/contrib/daemonchk.c	2013-11-25 15:16:25.000000000 +0100
+++ nagios-4.0.2-CVE-2013-7108-CVE-2013-7205/contrib/daemonchk.c	2013-12-31 11:59:30.114556391 +0100
@@ -174,7 +174,6 @@
 
 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
-			x++;
 			continue;
 			}
 		}