Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-10690

Possible buffer overruns in discovery macros substitution

    Details

      Description

      1) In substitute_discovery_macros() function, user macro parsing - the cursor is moved beyond user macro resulting in skipped character and possible buffer overruns. The fix:

      Index: src/libs/zbxserver/expression.c
      ===================================================================
      --- src/libs/zbxserver/expression.c     (revision 59548)
      +++ src/libs/zbxserver/expression.c     (working copy)
      @@ -4290,8 +4290,8 @@
                              zbx_free(context);
       
                              /* move cursor to the end of user macro */
      -                       while ('}' != (*data)[r++])
      -                               ;
      +                       while ('}' != (*data)[r])
      +                               r++;
                      }
                      /* substitute LLD macros, located in the item key parameters in simple macros */
                      /* e.g. {Zabbix server:ifAlias[{#SNMPINDEX}].last(0)}                         */
      

      (added in ZBXNEXT-2683)

      2) 1) In substitute_discovery_macros() function, numeric lld macro parsing - if the macro value is negative (ie prefixed with -) the value is enclosed in parentheses (). During this process the replace_to variable is reallocated, but the replace_to_alloc is not updated.
      (added in ZBX-10429)

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              wiper Andris Zeila
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: