Bug in statuswml.cgi with Acknowledging Services
Armin Wolfermann
aw at osn.de
Wed Aug 13 11:27:12 CEST 2008
* Jon Angliss <jon at netdork.net> [12.08.2008 23:52]:
> I read the thread, and it looks like the variables are being double
> encoded, which is fine, but the issue here is that a variable being
> fed into url_encode is coming out as a different variable.
Ok, now I see the problem. url_encode() uses a static buffer and calling
it twice in a row overwrites the first result. Half of a fix for this
problem was committed in May introducing a second buffer but the code is
only using the first.
I attached a patch against current CVS using dynamic buffers like
html_encode() does. Lightly tested but works for me.
Regards,
Armin Wolfermann
-------------- next part --------------
Index: cgiutils.c
===================================================================
RCS file: /cvsroot/nagios/nagios/cgi/cgiutils.c,v
retrieving revision 1.81
diff -u -r1.81 cgiutils.c
--- cgiutils.c 23 Jun 2008 20:47:44 -0000 1.81
+++ cgiutils.c 13 Aug 2008 09:23:08 -0000
@@ -126,7 +126,7 @@
char *my_strtok_buffer=NULL;
char *original_my_strtok_buffer=NULL;
-char encoded_url_string[2][MAX_INPUT_BUFFER]; // 2 to be able use url_encode twice
+char *encoded_url_string=NULL;
char *encoded_html_string=NULL;
#ifdef HAVE_TZNAME
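Review bot: The new declaration `char *encoded_url_string=NULL;` drops the old explanatory comment and says nothing about ownership, which matters now that the storage is no longer a fixed array. Please add a comment stating that the pointer only tracks the buffer from the most recent url_encode() call and who is expected to free it. Since each call now allocates its own buffer, consider whether a file-scope variable is still needed at all; a local in url_encode() would make it clear that earlier results are not reachable through this name.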
@@ -1330,54 +1330,52 @@
/* encodes a string in proper URL format */
char * url_encode(char *input){
- int len,output_len;
+ int len;
int x,y;
char temp_expansion[4];
- static int i = 0;
- char* str = encoded_url_string[i];
if(input==NULL)
return '\x0';
len=(int)strlen(input);
- output_len=(int)sizeof(encoded_url_string[0]);
- str[0]='\x0';
+ if((encoded_url_string=(char *)malloc(MAX_INPUT_BUFFER))==NULL)
+ return "";
+
+ strcpy(encoded_url_string,"");
- for(x=0,y=0;x<=len && y<output_len-1;x++){
+ for(x=0,y=0;x<=len && y<MAX_INPUT_BUFFER-1;x++){
/* end of string */
if((char)input[x]==(char)'\x0'){
- str[y]='\x0';
+ encoded_url_string[y]='\x0';
break;
}
/* alpha-numeric characters and a few other characters don't get encoded */
else if(((char)input[x]>='0' && (char)input[x]<='9') || ((char)input[x]>='A' && (char)input[x]<='Z') || ((char)input[x]>=(char)'a' && (char)input[x]<=(char)'z') || (char)input[x]==(char)'.' || (char)input[x]==(char)'-' || (char)input[x]==(char)'_'){
- str[y]=input[x];
- y++;
+ encoded_url_string[y++]=input[x];
}
/* spaces are pluses */
else if((char)input[x]<=(char)' '){
- str[y]='+';
- y++;
+ encoded_url_string[y++]='+';
}
/* anything else gets represented by its hex value */
else{
- str[y]='\x0';
- if((int)strlen(str)<(output_len-3)){
+ encoded_url_string[y]='\x0';
+ if((int)strlen(encoded_url_string)<MAX_INPUT_BUFFER-3){
sprintf(temp_expansion,"%%%02X",(unsigned int)input[x]);
- strcat(str,temp_expansion);
- y+=3;
+ strcat(encoded_url_string,temp_expansion);
+ y+=strlen(temp_expansion);
}
}
}
- str[sizeof(encoded_url_string[0])-1]='\x0';
+ encoded_url_string[y++]='\x0';
- return str;
+ return encoded_url_string;
}
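Review bot: Buffer ownership is inconsistent across the return paths of url_encode(): the success path returns memory from `malloc(MAX_INPUT_BUFFER)`, the allocation-failure path returns the literal `""`, and the NULL-input path returns `'\x0'` (a null pointer). A caller cannot safely free the result without knowing which path was taken, and because the global is overwritten on every call with no free, each call leaks MAX_INPUT_BUFFER bytes if callers do nothing. Suggest returning NULL on both failure paths and documenting that the caller frees the result, or freeing in the callers that this patch is meant to fix. Smaller points in the same hunk: in the hex branch `y` already equals `strlen(encoded_url_string)` after the preceding `encoded_url_string[y]='\x0'`, so the strlen() and strcat() calls rescan the buffer for every encoded character and could be replaced by a check on `y` and a write at `encoded_url_string+y`; when that check fails the character is silently dropped, so long inputs are truncated without any indication; and the post-increment in the final `encoded_url_string[y++]='\x0';` has no effect.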
_______________________________________________
Nagios-devel mailing list
Nagios-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-devel