BUG in history.cgi (+ fix)

Thomas Guyot-Sionnest dermoth at aei.ca
Thu Jun 19 14:03:14 CEST 2008

Previous message: BUG in history.cgi (+ fix)
Next message: [SPAM] Re: BUG in history.cgi (+ fix)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 19/06/08 07:46 AM, Franky Van Liedekerke wrote:
> Hi all,
> 
> I had some problems with history.cgi where it consistently coredumped on me.
> After some searching, it seems that history.c assumes that each line in
> nagios.log has a certain maximum lenght (MAX_INPUT_BUFFER) but some
> plugins write more info away there (like the check_oracle_health plugin
> in my case).
> But the issue is: when such a long line is found, history.c doesn't chop
> it off after MAX_INPUT_BUFFER characters and as such coredumps ...
> Solution: add the line
> 
> input[MAX_INPUT_BUFFER]='\x0';
> 
> at around line 551 in cgi/history.c (before the "strip(input);" line),
> so the code becomes:
> 
>         printf("<P><DIV CLASS='logEntries'>\n");
> 
>         while(1){
> 
>                 free(input);
> 
>                 if(use_lifo==TRUE){
>                         if((input=pop_lifo())==NULL)
>                                 break;
>                         }
>                 else{
>                         if((input=mmap_fgets(thefile))==NULL)
>                                 break;
>                         }
> 
>                 input[MAX_INPUT_BUFFER]='\x0';
>                 strip(input);
> 
> This solves my problem for now, but I don't know if it is the correct
> solution of course ...

I don't have time to test, but it looks like the segfault is just a few
lines below:

strcpy(input_buffer2,input);

input_buffer2 has a static length of MAX_INPUT_BUFFER, so you should
rather use strncpy and limit to "MAX_INPUT_BUFFER-1" characters (so it
will be able to terminate it with a \0).

Your fix will work just as well, but changing strcpy to strncpy is more
obvious and use of strcpy is discouraged for that exact reason.

Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIWksC6dZ+Kt5BchYRAr50AKDHHDBPVizBG8rPGvs2eMYTtyWxVQCgqAvn
zF/jM6g9ph5x6nqt92WiScQ=
=Zyc7
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php

Previous message: BUG in history.cgi (+ fix)
Next message: [SPAM] Re: BUG in history.cgi (+ fix)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Developers mailing list