[Xymon] buffer overflow detected in xymongen (4.3.21)
J.C. Cleaver
cleaver at terabithia.org
Fri Oct 2 20:58:28 CEST 2015
A malformed message could be returned as a result of a truncated network
connection to xymond, or other sorts of interesting cases.
p = strchr(nextline, '\n'); if (p) *p = '\0';
strcpy(l, nextline);
if (p) nextline = p+1; else nextline = NULL;
There does seem to be something a little odd there.
I suppose the below patch would at least keep us from writing past the end
on 'l', but in a proper situation we shouldn't need something like it.
-jc
On Fri, October 2, 2015 4:58 am, Axel Beckert wrote:
> Hi,
>
> On Fri, Oct 02, 2015 at 01:32:51PM +0200, Axel Beckert wrote:
>> Today it finally crashed again after I deployed the debug
>> packages. (It's seldom that I'm so happy to see a core dump. ;-)
>>
>> Here's the [...] oldest one:
> [...]
>> It's indeed in the WML generation code, should be this line here:
>> https://sources.debian.net/src/xymon/4.3.21-1/xymongen/wmlgen.c/#L150
>
> Looking at what status changed in the five minutes before the crash I
> found two status reports which had each line lengths of 6576 and 6897
> characters, but both far shorter than the MAX_LINE_LEN of 16384
> characters
>
> Another thing I could imagine are lines with no trailing newline at
> the end. But then again I have no idea where they could come from nor
> how I should look for them.
>
> Kind regards, Axel Beckert
> --
> Axel Beckert <beckert at phys.ethz.ch> support: +41 44 633 26 68
> IT Services Group, HPT H 6 voice: +41 44 633 41 89
> Departement of Physics, ETH Zurich
> CH-8093 Zurich, Switzerland http://nic.phys.ethz.ch/
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xymon.wmlgenbuf.patch
Type: application/octet-stream
Size: 477 bytes
Desc: not available
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20151002/d81d5cc5/attachment.obj>
More information about the Xymon
mailing list