Odd segfault in nagios.
Steven D. Morrey
smorrey at ldschurch.org
Thu Oct 8 19:37:26 CEST 2009
Hi Everyone,
I've been working on making some improvements to DNX.
I believe I've stumbled on an error in nagios. It's an issue in 2.7 which is what we use here, but it may be an issue in later versions as well, since I don't see anywhere steps have been taken to prevent it.
In utils.c on line 3834 there is this line.
memcpy(message,((service_message **)service_result_buffer.buffer)[service_result_buffer.tail],sizeof(service_message));
It's purpose is to copy a message from the service result buffer to the "message" buffer.
The problem arises in instances where the message that the service result buffer contains is null or empty.
Now while I'm not exactly sure how this situation arose (probably DNX posted something weird), but the fact that it's segfaulting here if the message is null or empty, that seems to me to be a bit of a bug.
The solution is obviously to check that we have valid data before performing the memcpy operation.
I've created a patch that fixes this, and I'll get it up for the 2.x branch once it's tested, and if anyone can confirm that this bug is present in Nagios 3x I'll get a patch going for it as well.
Thanks for taking a moment to read this.
Sincerely,
Steve
NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
More information about the Developers
mailing list