BUG in history.cgi (+ fix)
Thomas Guyot-Sionnest
dermoth at aei.ca
Thu Jun 19 14:03:14 CEST 2008
On 19/06/08 07:46 AM, Franky Van Liedekerke wrote:
> Hi all,
>
> I had some problems with history.cgi where it consistently coredumped on me.
> After some searching, it seems that history.c assumes that each line in
> nagios.log has a certain maximum length (MAX_INPUT_BUFFER) but some
> plugins write more info away there (like the check_oracle_health plugin
> in my case).
> But the issue is: when such a long line is found, history.c doesn't chop
> it off after MAX_INPUT_BUFFER characters and as such coredumps ...
> Solution: add the line
>
> input[MAX_INPUT_BUFFER]='\x0';
>
> at around line 551 in cgi/history.c (before the "strip(input);" line),
> so the code becomes:
>
> printf("<P><DIV CLASS='logEntries'>\n");
>
> while(1){
>
>     free(input);
>
>     if(use_lifo==TRUE){
>         if((input=pop_lifo())==NULL)
>             break;
>     }
>     else{
>         if((input=mmap_fgets(thefile))==NULL)
>             break;
>     }
>
>     input[MAX_INPUT_BUFFER]='\x0';
>     strip(input);
>
> This solves my problem for now, but I don't know if it is the correct
> solution of course ...

I don't have time to test, but it looks like the segfault is just a few
lines below:

    strcpy(input_buffer2,input);

input_buffer2 has a static length of MAX_INPUT_BUFFER, so you should
rather use strncpy and limit to "MAX_INPUT_BUFFER-1" characters (so it
will be able to terminate it with a \0).

Your fix will work just as well, but changing strcpy to strncpy is more
obvious and use of strcpy is discouraged for that exact reason.

Thomas
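
The bounded copy discussed in this thread, as an added example that is not part of the original messages or the Nagios source. It shows that strncpy() leaves the destination unterminated when the source is too long, so the final byte has to be set explicitly. The MAX_INPUT_BUFFER value, the struct, the function names and the test line are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_INPUT_BUFFER 1024 /* assumed size for this example */

/* Fixed-size destination followed by a canary, to show nothing past buf is written. */
struct frame {
    char buf[MAX_INPUT_BUFFER];
    unsigned char canary[8];
};

/* Bounded replacement for strcpy(input_buffer2, input) (hypothetical helper).
 * strncpy() writes no terminator when src holds n or more bytes, so the
 * last byte is set explicitly. Returns 1 if the line was truncated. */
int copy_log_line(char *dst, const char *src)
{
    strncpy(dst, src, MAX_INPUT_BUFFER - 1);
    dst[MAX_INPUT_BUFFER - 1] = '\0';
    return strlen(src) > (size_t)(MAX_INPUT_BUFFER - 1);
}

/* Copy a constructed log line of line_len bytes. Returns the length of the
 * stored string, or (size_t)-1 if allocation failed or the canary changed. */
size_t copy_constructed_line(size_t line_len, int *truncated)
{
    struct frame f;
    char *line = malloc(line_len + 1);
    if (line == NULL)
        return (size_t)-1;
    memset(line, 'A', line_len); /* constructed plugin output */
    line[line_len] = '\0';
    memset(f.canary, 0x5A, sizeof f.canary);
    *truncated = copy_log_line(f.buf, line);
    free(line);
    for (size_t i = 0; i < sizeof f.canary; i++)
        if (f.canary[i] != 0x5A)
            return (size_t)-1;
    return strlen(f.buf);
}

int main(void)
{
    int t;
    size_t n = copy_constructed_line(4000, &t); /* oversize constructed line */
    printf("kept %zu bytes, truncated=%d\n", n, t);
    return 0;
}
```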