status.cgi segfault without hostgroup parameter on solaris 10

[Michael Friedrich]

Ethan Galstad wrote:
> Michael Friedrich wrote:
>    
>> Hi,
>>
>> regarding the tracker issue http://tracker.nagios.org/view.php?id=120
>>
>> I recently fixed that issue on the Icinga CGIs, i've re-checked on
>> Nagios CGIs and the SIGSEGV still happens on Solaris 10.
>>
>> Reproducable on my Solaris box. So the issue is not resolved, yet still
>> exists.
>>
>> Please check https://dev.icinga.org/issues/594 for further explanations.
>> To conclude with, it's again printf("%s", NULL) on Solaris.
>>
>> Since it's rather trivial to fix, I decided to create a patch for Nagios
>> too. Attached GIT diff against latest HEAD resolves those issues,
>> changing behavior to 'all' when no parameters are provided.
>>
>> Kind regards,
>> Michael
>>
>>
>> PS: Any chance moving Nagios to GIT in the near future?
>>      
> Its probably better to patch url_encode().  I'm committing a simple
> patch that most likely fixes the problem.  Can you verify if it fixes
> things on Solaris?
>    

I'd propose you'll get a Solaris VM from oracle.com running at your 
stage too (Registration required, and also (tm) and (c) needs to be 
respected).
I am still writing an howto for that, you can follow it over here:

https://dev.icinga.org/projects/icinga-development/wiki/HowToSetupSolarisVM

Building the latest HEAD straight with

$ git pull
$ make distclean
$ ./configure
$ make cgis

throws

cgiutils.c: In function `url_encode':
cgiutils.c:1371: warning: passing arg 1 of `strcpy' from incompatible 
pointer type

because strcpy awaits char* instead of char[]

Running in gdb works without sigsegv. But I would mark that as hack, 
which might cause problems for other use cases.


Just one last thing, Andreas is telling me that more testing is needed 
by different people. Which is good btw, I was only talking about a 
Quickfix Release, nothing else.

Andreas Ericsson wrote:

>  Since the fix awaits input from testers we can't very well release it

>  immediately. You've tested it, so that makes one person. If a few more
>  report that it's now working as intended without any downsides we'll
>  probably go ahead and cut a release in the next few days, but releasing
>  untested code that might break something else just to fix a bug isn't
>  really good practice.


On the webpage, Nagios 3.2.3 is already out. I don't really understand - now there's a "possible fix for solaris segfault" and this is put straight forward into a new release? I thought advanced testing would be needed, also having something in mind with testing on the 3 of you.
I really thought that Nagios Core Development would become more open, residing next to several things happening. But as it seems, it's still a one man show. Anyways, so nothing changed and we can go on testing new Nagios release.

Kind regards,
Michael










-- 
DI (FH) Michael Friedrich

Vienna University Computer Center
Universitaetsstrasse 7 A-1010 Vienna, Austria

email: 	michael.friedrich at univie.ac.at
phone: 	+43 1 4277 14359
fax: 	+43 1 4277 14279
web:	http://www.univie.ac.at/zid

Icinga Core&  IDOUtils Developer
http://www.icinga.org


------------------------------------------------------------------------------
Virtualization is moving to the mainstream and overtaking non-virtualized
environment for deploying applications. Does it make network security 
easier or more difficult to achieve? Read this whitepaper to separate the 
two and get a better understanding.
http://p.sf.net/sfu/hp-phase2-d2d