On 2017/10/13 13:49, Stuart Henderson wrote: > Thanks. So looking at this and the source code, it shows it is using strchr() > to look for the position of a space character in the payload data. But the > str* > functions expect a NUL-terminated string, and the string here is not, so > strchr > searches beyond the end of the payload, looking for either a NUL or a space. > > This code hasn't changed in 3.0, so the problem will still exist there. > > I have created an issue upstream: https://github.com/ntop/ntopng/issues/1518 >
Upstream have committed a fix to their repository, which I have applied to the ports tree. If you don't have the ports tree on your system already, follow "Getting the ports and xenocara trees" on https://www.openbsd.org/anoncvs.html (I have committed it to the -current and 6.2-stable branches). Before building, "pkg_add libtool autoconf%2.69 automake%1.15 gmake" to save time building dependencies, then "cd /usr/ports/net/ntopng && make package && doas make update". Alternatively if you use -current snapshots it will show up in the binary packages in a few days.
