Bug 13747 - Fix for buffer overflow in the latest cacti-spine
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: cacti-cactid
Version: unstable
Hardware: all Linux
: P2 critical
Assignee: Slava Dubrovskiy
QA Contact: qa-sisyphus
Reported: 2007-12-18 17:52 MSK by Dmitry Lebkov
Modified: 2008-03-13 23:57 MSK
Description Dmitry Lebkov 2007-12-18 17:52:12 MSK
See poller.c, lines 101 and 485:

101:  char sysUptime[40];

483: }else{
484:   poll_result = snmp_get(host, reindex->arg1);
485:   snprintf(sysUptime, BUFSIZE, "%s", poll_result);
486: }


Quick fix: set size of sysUptime array to BUFSIZE.
Comment 1 Michael Shigorin 2007-12-25 17:00:02 MSK
Dima, you should probably request an NMU from ldv@.
Comment 2 Slava Dubrovskiy 2007-12-25 17:28:56 MSK
Oops, I completely forgot about this. I'll do it.
Comment 3 Slava Dubrovskiy 2007-12-25 17:35:41 MSK
(In reply to comment #0)
> See poller.c, lines 101 and 485:
> 
> 101:  char sysUptime[40];
> 
> 483: }else{
> 484:   poll_result = snmp_get(host, reindex->arg1);
> 485:   snprintf(sysUptime, BUFSIZE, "%s", poll_result);
> 486: }
> 
> 
> Quick fix: set size of sysUptime array to BUFSIZE.
Could you explain what to put where?
I don't know C :-(
And searching would take a long time.
Comment 4 Slava Dubrovskiy 2007-12-25 17:39:52 MSK
(In reply to comment #3)
> (In reply to comment #0)
> > See poller.c, lines 101 and 485:
> > 
> > 101:  char sysUptime[40];
> > 
> > 483: }else{
> > 484:   poll_result = snmp_get(host, reindex->arg1);
> > 485:   snprintf(sysUptime, BUFSIZE, "%s", poll_result);
> > 486: }
> > 
> > 
> > Quick fix: set size of sysUptime array to BUFSIZE.
> Could you explain what to put where?
> I don't know C :-(
> And searching would take a long time.
Do I understand correctly that
subst "s|char sysUptime\[40\]|char sysUptime\[BUFSIZE\]|g" poller.c
will be enough?
Comment 5 Slava Dubrovskiy 2007-12-25 17:49:46 MSK
fixed in 0.8.7a-alt2
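
The defect reported above is a bound passed to snprintf that does not match the destination's declared size. The following is an added example, not code from cacti-spine or from this bug's fix: it bounds the copy by the destination's real size and reports truncation. The names copy_result, UPTIME_LEN and struct guarded and the sample SNMP strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define UPTIME_LEN 40   /* size of sysUptime as declared at poller.c line 101 */

/* Hypothetical helper: copy an SNMP result string into a fixed-size buffer.
 * Returns 0 if the value fit, 1 if it was truncated, -1 on bad input. */
static int copy_result(char *dst, size_t dst_size, const char *src)
{
    int n;
    if (dst == NULL || dst_size == 0)
        return -1;
    if (src == NULL) {              /* assumed policy: missing result -> empty string */
        dst[0] = '\0';
        return -1;
    }
    /* The bound is the destination's own size, not an unrelated constant. */
    n = snprintf(dst, dst_size, "%s", src);
    if (n < 0) {
        dst[0] = '\0';
        return -1;
    }
    return ((size_t)n >= dst_size) ? 1 : 0;
}

/* Constructed check: a guard byte placed after the buffer must survive
 * an oversized input, and the stored value must be cut to fit. */
struct guarded {
    char sysUptime[UPTIME_LEN];
    char guard;
};

static int oversized_input_stays_in_bounds(void)
{
    struct guarded g;
    char long_reply[200];           /* constructed oversized SNMP reply */
    memset(long_reply, 'A', sizeof(long_reply) - 1);
    long_reply[sizeof(long_reply) - 1] = '\0';
    g.guard = 0x5A;
    int rc = copy_result(g.sysUptime, sizeof(g.sysUptime), long_reply);
    return rc == 1 && g.guard == 0x5A && strlen(g.sysUptime) == UPTIME_LEN - 1;
}

int main(void)
{
    char sysUptime[UPTIME_LEN];
    int rc = copy_result(sysUptime, sizeof(sysUptime), "(123456) 0:20:34.56");
    printf("rc=%d value=%s bounded=%d\n", rc, sysUptime, oversized_input_stays_in_bounds());
    return 0;
}
```

Passing sizeof on the array itself keeps the bound correct if the declaration is later resized; the return code lets the caller decide whether a truncated value is acceptable.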