Bug/Array index out of bounds

Hiren Patel hir3npatel at gmail.com
Sat Jun 13 15:27:48 CEST 2009


Tilo Renz wrote:
>> man 2 read
>>
>> It works the same, and it's the only sensible way it *can* work. If it all
>> of a sudden starts adding nul bytes to the buffer you'll all of a sudden
>> end up unable to read binary byte sequences from files and sockets alike.
> 
> Yes, all true, but then we must not use the buffer as a string.
> Here zero-padding is necessary.
> * Weak argument: the debug-printf in line 4495 indicates developers' 
> zero-padding intention.
> * Hard argument: In line 3504 the buffer is used to call 
> get_next_string_from_buf(recv_buf,&buf_index,sizeof(recv_buf)).
> While we know the number of valid bytes in the buffer, no one cares.
> And even if we change this call to 
> get_next_string_from_buf(recv_buf,&buf_index,recv_len), zero-padding 
> is still necessary. In get_next_string_from_buf, line 3020, the buffer 
> is given to strcspn(buffer, "\n"). Since we can't guarantee 
> Newline-Occurrence, buffer must be null-terminated or strcspn will 
> slurp beyond buffer's end.
> 
>  
in accordance with the explanation above, diff attached. let me know if 
this is not valid and needs to change. latest cvs crashes on ubuntu 9.04 
without this patch and the check_for_updates=1 option in nagios.cfg.

the beginning of the crash message was:
---
root@ubuntu:/usr/local/nagios# bin/nagios etc/nagios.cfg

Nagios 3.1.0
Copyright (c) 1999-2009 Ethan Galstad (http://www.nagios.org)
Last Modified: 01-25-2009
License: GPL

Nagios 3.1.0 starting... (PID=32328)
Local time is Sat Jun 13 08:35:30 EDT 2009
*** stack smashing detected ***: bin/nagios terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7f49da8]
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x0)[0xb7f49d60]
bin/nagios[0x8083d82]
bin/nagios(check_for_nagios_updates+0x6a)[0x8083dfa]
bin/nagios(main+0x552)[0x8058ca2]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7e62775]
bin/nagios[0x80586b1]

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: utils
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20090613/10feb6af/attachment.ksh>
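
An added illustration of the point in the quoted explanation above (not part of the original message, the attached diff, or the Nagios source): read()/recv() never terminate the buffer, so either one byte is reserved for a NUL before the buffer is used as a string, or the scan is bounded by the received length. The names terminate_recv and next_line_bounded and the sample reply are hypothetical.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical helper, not Nagios code: make the n bytes returned by
 * read()/recv() usable as a C string. The caller must have asked for at
 * most cap-1 bytes, so one byte is always left for the terminator. */
ssize_t terminate_recv(char *buf, size_t cap, ssize_t n)
{
    if (n < 0 || (size_t)n >= cap)
        return -1;              /* read error, or no room for the NUL */
    buf[n] = '\0';
    return n;
}

/* Hypothetical bounded scanner: copy the next line starting at *idx into
 * out. It looks at no more than len valid bytes (memchr, not strcspn), so
 * it stays inside the buffer even when neither '\n' nor NUL is present. */
int next_line_bounded(const char *buf, size_t len, size_t *idx,
                      char *out, size_t out_cap)
{
    if (out_cap == 0 || *idx >= len)
        return -1;              /* nothing left to return */
    const char *start = buf + *idx;
    size_t remain = len - *idx;
    const char *nl = memchr(start, '\n', remain);
    size_t line_len = nl ? (size_t)(nl - start) : remain;
    size_t copy = line_len < out_cap - 1 ? line_len : out_cap - 1;
    memcpy(out, start, copy);
    out[copy] = '\0';
    *idx += line_len + (nl ? 1 : 0);   /* step past the newline, if any */
    return (int)copy;
}

/* Constructed input: a reply with no trailing newline sitting in a buffer
 * full of stale non-zero bytes, as an uninitialised stack buffer may be. */
int demo_second_line_len(void)
{
    char recv_buf[32], line[16];
    const char reply[] = "HTTP/1.0 200 OK\nUPDATE=1";
    size_t idx = 0, n = sizeof(reply) - 1;
    memset(recv_buf, 'X', sizeof(recv_buf));
    memcpy(recv_buf, reply, n);              /* stands in for recv() */
    if (terminate_recv(recv_buf, sizeof(recv_buf), (ssize_t)n) < 0)
        return -1;
    next_line_bounded(recv_buf, n, &idx, line, sizeof(line));
    return next_line_bounded(recv_buf, n, &idx, line, sizeof(line));
}
```

With the receive call limited to sizeof(recv_buf) - 1 bytes, terminate_recv always has room for the NUL; a full-size read is rejected instead of writing one byte past the array.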