diff -Naur -x '*.orig' -x '*.rej' -x '*~' nagios-4.3.1/base/query-handler.c nagios-4.3.1-CVE-2018-13441/base/query-handler.c --- nagios-4.3.1/base/query-handler.c 2017-02-23 21:00:40.000000000 +0100 +++ nagios-4.3.1-CVE-2018-13441/base/query-handler.c 2019-02-20 22:53:11.438705218 +0100 @@ -24,7 +24,7 @@ /* the echo service. stupid, but useful for testing */ static int qh_echo(int sd, char *buf, unsigned int len) { - if (!strcmp(buf, "help")) { + if (buf == NULL || !strcmp(buf, "help")) { nsock_printf_nul(sd, "Query handler that simply echoes back what you send it."); return 0; @@ -303,7 +303,7 @@ { struct query_handler *qh; - if (!*buf || !strcmp(buf, "help")) { + if (buf == NULL || !strcmp(buf, "help")) { nsock_printf_nul(sd, " help <name> show help for handler <name>\n" " help list list registered handlers\n"); @@ -331,7 +331,7 @@ { char *space; - if (!*buf || !strcmp(buf, "help")) { + if (buf == NULL || !strcmp(buf, "help")) { nsock_printf_nul(sd, "Query handler for manipulating nagios core.\n" "Available commands:\n" " loadctl Print information about current load control settings\n"