diff -Naur -x '*.orig' -x '*.rej' -x '*~' nagios-4.3.1/base/query-handler.c nagios-4.3.1-CVE-2018-13441/base/query-handler.c
--- nagios-4.3.1/base/query-handler.c	2017-02-23 21:00:40.000000000 +0100
+++ nagios-4.3.1-CVE-2018-13441/base/query-handler.c	2019-02-20 22:53:11.438705218 +0100
@@ -24,7 +24,7 @@
 /* the echo service. stupid, but useful for testing */
 static int qh_echo(int sd, char *buf, unsigned int len)
 {
-	if (!strcmp(buf, "help")) {
+	if (buf == NULL || !strcmp(buf, "help")) {
 		nsock_printf_nul(sd,
 			"Query handler that simply echoes back what you send it.");
 		return 0;
@@ -303,7 +303,7 @@
 {
 	struct query_handler *qh;
 
-	if (!*buf || !strcmp(buf, "help")) {
+	if (buf == NULL || !strcmp(buf, "help")) {
 		nsock_printf_nul(sd,
 			"  help <name>   show help for handler <name>\n"
 			"  help list     list registered handlers\n");
@@ -331,7 +331,7 @@
 {
 	char *space;
 
-	if (!*buf || !strcmp(buf, "help")) {
+	if (buf == NULL || !strcmp(buf, "help")) {
 		nsock_printf_nul(sd, "Query handler for manipulating nagios core.\n"
 			"Available commands:\n"
 			"  loadctl           Print information about current load control settings\n"