Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-1050

Some windows eventlog messages cause zabbix agent to crash at 'FormatMessage()'.

XMLWordPrintable

    • Icon: Incident report Incident report
    • Resolution: Fixed
    • Icon: Critical Critical
    • 1.6.6, 1.9.0 (alpha)
    • 1.6
    • Agent (G)
    • None
    • Windows(XP, 2003), Zabbix Agent 1.6.6 from ZABBIX SIA.

      Some windows eventlog messages cause zabbix agent to crash at 'FormatMessage()'.

      If 'hLib' has arguments more than the number of array of 'aInsertStrs', zabbix will crash at 'FormatMessage()'.
      But, zabbix restricts the number of array of 'aInsertStrs' to less than 'MAX_INSERT_STRS'.
      In zabbix 1.6.6, 'MAX_INSERT_STRS' is 64.
      So, if 'hLib' has arguments more than 64, it will crash.
      > for (
      > i = 0, pCh = (char *)((LPBYTE)pELR + pELR->StringOffset);
      > i < pELR->NumStrings && i < MAX_INSERT_STRS;
      > i++, pCh += strlen(pCh) + 1) /* point to next string */
      >

      { > aInsertStrs[i] = pCh; > }

      Most of eventlog don't have arguments more than 64.
      But, some eventlogs have.
      Actually, I found this problem at SAP eventlog which has arguments more than 64.
      I cannot attach the dll, but it is easy to reproduce same crash situation by setting MAX_INSERT_STRS as small number, like 1, 2 or 3.

        1. zabbix-1.6.6-eventlog_formatmessage_crash.patch
          0.5 kB

            sasha Alexander Vladishev
            tsuzuki Takanori Suzuki
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: