[icinga-checkins] icinga.org: icinga-core/mfriedrich/cgis: fixed: plugin_output_short didn' t get checked properly and caused segfault in status.cgi #1673
git at icinga.org
git at icinga.org
Tue Jun 28 09:08:39 CEST 2011
Module: icinga-core
Branch: mfriedrich/cgis
Commit: 31a88a0c98aeb9f20d432c09de3b59f2f9555164
URL: https://git.icinga.org/?p=icinga-core.git;a=commit;h=31a88a0c98aeb9f20d432c09de3b59f2f9555164
Author: Ricardo Bartels <ricardo at bitchbrothers.com>
Date: Mon Jun 27 23:19:08 2011 +0200
fixed: plugin_output_short didn't get checked properly and caused segfault in status.cgi #1673
fixes: #1673
When processing plugin_output_short, it was not checked whether it is NULL.
---
Changelog | 1 +
cgi/cgiutils.c | 3 +++
cgi/status.c | 11 +++++++----
3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/Changelog b/Changelog
index c3e4b5f..aa049ee 100644
--- a/Changelog
+++ b/Changelog
@@ -25,6 +25,7 @@ FIXES
* classic ui: fix cross site scripting vulnerability in config.cgi on config expander arguments #1605
* classic ui: remove sidebar.html inclusion in index.html causing troubles on reload #1632
* classic ui: fixed: User can execute host/servicegroup commands even if not authorized for (Sven Nierlein) #1679
+* classic ui: fixed: plugin_output_short didn't get checked properly and caused segfault in status.cgi #1673
* install: fix event handlers cmd file location in contrib #1501
diff --git a/cgi/cgiutils.c b/cgi/cgiutils.c
index 89a029d..4be34e0 100644
--- a/cgi/cgiutils.c
+++ b/cgi/cgiutils.c
@@ -1537,6 +1537,9 @@ char * html_encode(char *input, int escape_newlines){
int x,y;
char temp_expansion[10];
+ if (input==NULL)
+ return "";
+
/* we need up to six times the space to do the conversion */
len=(int)strlen(input);
output_len=len*6;
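Review bot: The new guard in html_encode returns the string literal `""` through a non-const `char *`, so a caller that writes into or frees the result would hit undefined behaviour. The rest of the function lies outside the hunk, so I cannot see how the normal return value is allocated. If it is a buffer owned by html_encode, returning that buffer emptied would keep one ownership contract for every path. If the literal stays, document it above the guard, e.g. `/* NULL input encodes to an empty string; the result is a literal and must not be modified or freed */`, and brace the `if` body as the surrounding code does.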
diff --git a/cgi/status.c b/cgi/status.c
index 5cc25e8..ba4211c 100644
--- a/cgi/status.c
+++ b/cgi/status.c
@@ -5184,10 +5184,13 @@ int add_status_data(int status_type, hoststatus *host_status, servicestatus *ser
/* plugin ouput */
if (status_show_long_plugin_output!=FALSE && plugin_output_long!=NULL) {
- if(content_type==CSV_CONTENT || content_type==JSON_CONTENT)
- dummy=asprintf(&plugin_output,"%s %s",plugin_output_short,escape_newlines(plugin_output_long));
- else
- dummy=asprintf(&plugin_output,"%s<BR>%s",html_encode(plugin_output_short,TRUE),html_encode(plugin_output_long,TRUE));
+ if(content_type==CSV_CONTENT || content_type==JSON_CONTENT) {
+ if (plugin_output_short!=NULL)
+ dummy=asprintf(&plugin_output,"%s",escape_newlines(plugin_output_long));
+ else
+ dummy=asprintf(&plugin_output,"%s %s",plugin_output_short,escape_newlines(plugin_output_long));
+ } else
+ dummy=asprintf(&plugin_output,"%s<BR>%s",(plugin_output_short==NULL)?"":html_encode(plugin_output_short,TRUE),html_encode(plugin_output_long,TRUE));
} else if (plugin_output_short!=NULL) {
if(content_type==CSV_CONTENT || content_type==JSON_CONTENT)
dummy=asprintf(&plugin_output,"%s",plugin_output_short);
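Review bot: The NULL test in the CSV/JSON arm is inverted. When `plugin_output_short!=NULL` the short output is silently dropped and only the long output is emitted. When it is NULL, the `else` arm still passes the NULL pointer to `%s`, which is the undefined behaviour (and potential status.cgi crash) this commit is meant to remove. The condition should read `if (plugin_output_short==NULL)`, so that the `"%s %s"` format only runs with a valid pointer. In the HTML arm the ternary is redundant, since the cgiutils.c hunk of this commit already makes html_encode return `""` for NULL input. The body of add_status_data continues outside this hunk.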