
Updated patches/CVE-2013-2131 to compile cleanly and not export new symbols.
[pkg-rrdtool.git] / debian / patches / CVE-2013-2131
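--- a/src/rrd_graph.c
+++ b/src/rrd_graph.c
@@ -305,6 +305,52 @@
 
 #undef conv_if
 
+
+static int bad_format_imginfo(
+    char *fmt)
+{
+    char     *ptr;
+    int       n = 0;
+
+    ptr = fmt;
+    while (*ptr != '\0')
+        if (*ptr++ == '%') {
+
+            /* line cannot end with percent char */
+            if (*ptr == '\0')
+                return 1;
+            /* '%%' is allowed */
+            if (*ptr == '%')
+                ptr++;
+            /* '%s', '%S' are allowed */
+            else if (*ptr == 's' || *ptr == 'S') {
+                n = 1;
+                ptr++;
+            }
+
+            /* or else '% 4lu' and such are allowed */
+            else {
+                /* optional padding character */
+                if (*ptr == ' ')
+                    ptr++;
+                /* This should take care of 'm' */
+                while (*ptr >= '0' && *ptr <= '9')
+                    ptr++;
+                /* 'lu' must follow here */
+                if (*ptr++ != 'l')
+                    return 1;
+                if (*ptr == 'u')
+                    ptr++;
+                else
+                    return 1;
+                n++;
+            }
+        }
+
+    return (n != 3);
+}
+
+
 int im_free(
     image_desc_t *im)
 {
@@ -4035,6 +4081,12 @@
         char     *path;
         char     *filename;
 
+        if (bad_format_imginfo(im.imginfo)) {
+            rrd_info_free(im.grinfo);
+            im_free(&im);
+            rrd_set_error("bad format for imginfo");
+            return NULL;
+        }
         path = strdup(im.graphfile);
         filename = basename(path);
         info.u_str =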
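Review bot: In the first hunk, `bad_format_imginfo` assigns `n = 1` in the `%s`/`%S` branch instead of counting, so the final `n != 3` test does not prove the format holds exactly one string conversion followed by two `%lu`. A format with a repeated or late `%s`, or with three `%lu` and no `%s`, is still accepted. Assuming imginfo is later expanded with a filename and two unsigned longs (that call is outside the hunks shown), such formats still mismatch the argument list, which is the condition this check is meant to rule out. Enforce the order by adding `if (n != 0) return 1;` before `n = 1;` and `if (n == 0) return 1;` before `n++;`, so only `%s`, `%lu`, `%lu` in that sequence reaches `n == 3`. `%S` denotes a wide string on common C libraries, so consider accepting only `%s` if the argument is a plain `char *`.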