Bug 13747 - Fix for buffer overflow in the latest cacti-spine
: Fix for buffer overflow in the latest cacti-spine
Status: CLOSED FIXED
: Sisyphus
(All bugs in Sisyphus/cacti-cactid)
: unstable
: all Linux
: P2 critical
Assigned To:
:
:
:
:
:
  Show dependency tree
 
Reported: 2007-12-18 17:52 by
Modified: 2008-03-13 23:57 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2007-12-18 17:52:12
See poller.c, lines 101 and 485:

101:  char sysUptime[40];

483: }else{
484:   poll_result = snmp_get(host, reindex->arg1);
485:   snprintf(sysUptime, BUFSIZE, "%s", poll_result);
486: }


Quick fix: set size of sysUptime array to BUFSIZE.
------- Comment #1 From 2007-12-25 17:00:02 -------
Дим, запрашивай у ldv@ NMU, наверное.
------- Comment #2 From 2007-12-25 17:28:56 -------
Ой, забыл совсем про это. Сделаю.
------- Comment #3 From 2007-12-25 17:35:41 -------
(In reply to comment #0)
> See poller.c, lines 101 and 485:
> 
> 101:  char sysUptime[40];
> 
> 483: }else{
> 484:   poll_result = snmp_get(host, reindex->arg1);
> 485:   snprintf(sysUptime, BUFSIZE, "%s", poll_result);
> 486: }
> 
> 
> Quick fix: set size of sysUptime array to BUFSIZE.
Можно объяснить что куда поставить?
Я не знаю С :-(
А искать долго.
------- Comment #4 From 2007-12-25 17:39:52 -------
(In reply to comment #3)
> (In reply to comment #0)
> > See poller.c, lines 101 and 485:
> > 
> > 101:  char sysUptime[40];
> > 
> > 483: }else{
> > 484:   poll_result = snmp_get(host, reindex->arg1);
> > 485:   snprintf(sysUptime, BUFSIZE, "%s", poll_result);
> > 486: }
> > 
> > 
> > Quick fix: set size of sysUptime array to BUFSIZE.
> Можно объяснить что куда поставить?
> Я не знаю С :-(
> А искать долго.
Я правильно понимаю, что
subst "s|char sysUptime\[40\]|char sysUptime\[BUFSIZE\]|g" poller.c
будет достаточно?
------- Comment #5 From 2007-12-25 17:49:46 -------
fixed in 0.8.7a-alt2