
[Nagios-devel] Odd segfault in nagios.

Posted: Thu Oct 08, 2009 4:37 pm
by Guest
Hi Everyone,

I've been working on making some improvements to DNX.
I believe I've stumbled on an error in nagios. It's an issue in 2.7 which is what we use here, but it may be an issue in later versions as well, since I don't see anywhere steps have been taken to prevent it.
In utils.c on line 3834 there is this line.
memcpy(message,((service_message **)service_result_buffer.buffer)[service_result_buffer.tail],sizeof(service_message));

Its purpose is to copy a message from the service result buffer to the "message" buffer.

The problem arises in instances where the message that the service result buffer contains is null or empty.
Now, I'm not exactly sure how this situation arose (probably DNX posted something weird), but the fact that it's segfaulting here if the message is null or empty seems to me to be a bit of a bug.
The solution is obviously to check that we have valid data before performing the memcpy operation.

I've created a patch that fixes this, and I'll get it up for the 2.x branch once it's tested, and if anyone can confirm that this bug is present in Nagios 3.x I'll get a patch going for it as well.

Thanks for taking a moment to read this.

Sincerely,
Steve


NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
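The guard the post calls for, as an added example written for this page (not the poster's patch and not Nagios source): a minimal stand-in for service_result_buffer whose consumer checks the slot for NULL before the memcpy. The struct layouts, slot count and function names are assumed.

```c
#include <stddef.h>
#include <string.h>

/* Assumed, simplified shape of a Nagios service_message (not the real struct). */
#define MAX_OUTPUT 256
typedef struct {
    char host_name[64];
    char output[MAX_OUTPUT];
} service_message;

/* Ring buffer of service_message pointers, modelled on service_result_buffer. */
#define BUF_SLOTS 4
static void *slots[BUF_SLOTS];
static struct {
    void **buffer;   /* each slot holds a service_message* (or NULL) */
    int head;        /* next slot to write */
    int tail;        /* next slot to read */
    int items;       /* number of occupied slots */
} service_result_buffer = { slots, 0, 0, 0 };

/* Producer side: store a pointer in the ring. Returns 0, or -1 when full. */
int push_result(service_message *msg) {
    if (service_result_buffer.items >= BUF_SLOTS)
        return -1;
    service_result_buffer.buffer[service_result_buffer.head] = msg;
    service_result_buffer.head = (service_result_buffer.head + 1) % BUF_SLOTS;
    service_result_buffer.items++;
    return 0;
}

/* Consumer side: the guarded form of the memcpy quoted in the post.
 * Returns 1 when a message was copied into *out, 0 when the slot held NULL
 * (the slot is consumed and skipped instead of dereferenced), -1 when the
 * ring is empty. */
int pop_result_checked(service_message *out) {
    service_message *src;
    if (service_result_buffer.items <= 0)
        return -1;
    src = (service_message *)service_result_buffer.buffer[service_result_buffer.tail];
    service_result_buffer.buffer[service_result_buffer.tail] = NULL;
    service_result_buffer.tail = (service_result_buffer.tail + 1) % BUF_SLOTS;
    service_result_buffer.items--;
    if (src == NULL)
        return 0;   /* an unguarded memcpy(out, src, ...) would segfault here */
    memcpy(out, src, sizeof(service_message));
    return 1;
}
```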

This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]