Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-10690

Possible buffer overruns in discovery macros substitution

    XMLWordPrintable

    Details

      Description

      1) In substitute_discovery_macros() function, user macro parsing - the cursor is moved beyond user macro resulting in skipped character and possible buffer overruns. The fix:

      Index: src/libs/zbxserver/expression.c
      ===================================================================
      --- src/libs/zbxserver/expression.c     (revision 59548)
      +++ src/libs/zbxserver/expression.c     (working copy)
      @@ -4290,8 +4290,8 @@
                              zbx_free(context);
       
                              /* move cursor to the end of user macro */
      -                       while ('}' != (*data)[r++])
      -                               ;
      +                       while ('}' != (*data)[r])
      +                               r++;
                      }
                      /* substitute LLD macros, located in the item key parameters in simple macros */
                      /* e.g. {Zabbix server:ifAlias[{#SNMPINDEX}].last(0)}                         */
      

      (added in ZBXNEXT-2683)

      2) 1) In substitute_discovery_macros() function, numeric lld macro parsing - if the macro value is negative (ie prefixed with -) the value is enclosed in parentheses (). During this process the replace_to variable is reallocated, but the replace_to_alloc is not updated.
      (added in ZBX-10429)

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            wiper Andris Zeila
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: