master: avoid an endless loop in HTML generation

Safeguard to avoid any bigger loop than 100 nested levels. It protects against
application bugs in the parsing code.

Thx Christoph Biedl (debian.axhn@manchmal.in-ulm.de) for noticing
and for providing a patch

Closes: C:CVE-2013-6048
1 parent 1b34e46 commit 284d7402718d98fcf10cee565415939882abab99 @steveschnepp steveschnepp committed Oct 28, 2013
Showing with 3 additions and 0 deletions.
  1. +3 −0 master/lib/Munin/Master/HTMLConfig.pm
@@ -176,6 +176,7 @@ sub get_group_tree {
$shrinkpath;
$shrinkpath =~ s/^[^\/]+\/?//, $counter++)
{
+ die ("Munin::Master::HTMLConfig ran into an endless loop") if ($counter >= 100);
$childnode->{'url' . $counter} = $shrinkpath;
}
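Review bot: The guard added at the top of this loop body caps the iteration count but leaves the cause in place: the step `$shrinkpath =~ s/^[^\/]+\/?//` removes nothing when `$shrinkpath` begins with `/`, and the loop condition `$shrinkpath;` stays true, so only `$counter` advances. This loop strips at most one slash (`\/?`, where the other two loops in this patch use `\/*`), so a path with an empty component is left with a leading slash after the first pass. Consider ending the loop when the substitution returns false, or matching `\/*` here as well, and keeping the counter check as a backstop.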
@@ -218,6 +219,7 @@ sub get_group_tree {
$shrinkpath =~ /\//;
$shrinkpath =~ s/^[^\/]+\/*//, $counter++
) {
+ die ("Munin::Master::HTMLConfig ran into an endless loop") if ($counter >= 100);
$obj->{'url' . $counter} = $shrinkpath;
}
push @$cats, $obj;
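Review bot: The `die` message in this loop is the same string used at the other two sites and carries neither the offending value nor the location, so an operator who hits it cannot tell which path or which loop in `get_group_tree` tripped the guard. Suggest including `$shrinkpath` (and the site) in the message, and replacing the literal `100`, which is repeated in all three hunks, with a single named constant that documents the intended maximum nesting depth.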
@@ -317,6 +319,7 @@ sub get_group_tree {
$shrinkpath =~ /\//;
$shrinkpath =~ s/^[^\/]+\/*//, $counter++
) {
+ die ("Munin::Master::HTMLConfig ran into an endless loop") if ($counter >= 100);
$ret->{'url' . $counter} = $shrinkpath;
}
}
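Review bot: The `die` added in this loop turns one path that fails to shrink into a fatal error, and nothing in the visible lines traps it, so a single malformed entry would stop HTML generation for every other node as well. If that is not intended, a `warn` followed by `last` would bound the loop and still let the run finish. This is also the third copy of the same shrink-and-count loop that needed the identical one-line fix; moving it into one helper would keep the guard in a single place.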
