Skip to content

Commit 284d740

Browse files
committed
master: avoid an endless loop in HTML generation
Safeguard to avoid any bigger loop than 100 nested levels. It protects against application bugs in the parsing code. Thx Christoph Biedl (debian.axhn@manchmal.in-ulm.de) for noticing and for providing a patch Closes: C:CVE-2013-6048
1 parent 1b34e46 commit 284d740

File tree

1 file changed

+3
-0
lines changed

1 file changed

+3
-0
lines changed

Diff for: master/lib/Munin/Master/HTMLConfig.pm

+3
Original file line numberDiff line numberDiff line change
@@ -176,6 +176,7 @@ sub get_group_tree {
176176
$shrinkpath;
177177
$shrinkpath =~ s/^[^\/]+\/?//, $counter++)
178178
{
179+
die ("Munin::Master::HTMLConfig ran into an endless loop") if ($counter >= 100);
179180
$childnode->{'url' . $counter} = $shrinkpath;
180181
}
181182

@@ -218,6 +219,7 @@ sub get_group_tree {
218219
$shrinkpath =~ /\//;
219220
$shrinkpath =~ s/^[^\/]+\/*//, $counter++
220221
) {
222+
die ("Munin::Master::HTMLConfig ran into an endless loop") if ($counter >= 100);
221223
$obj->{'url' . $counter} = $shrinkpath;
222224
}
223225
push @$cats, $obj;
@@ -317,6 +319,7 @@ sub get_group_tree {
317319
$shrinkpath =~ /\//;
318320
$shrinkpath =~ s/^[^\/]+\/*//, $counter++
319321
) {
322+
die ("Munin::Master::HTMLConfig ran into an endless loop") if ($counter >= 100);
320323
$ret->{'url' . $counter} = $shrinkpath;
321324
}
322325
}

0 commit comments

Comments
 (0)