Incident report
Resolution: Fixed
Major
2.4.8, 3.0.2, 3.2.0alpha1
1) In the substitute_discovery_macros() function, user macro parsing: the cursor is moved beyond the user macro, resulting in a skipped character and possible buffer overruns. The fix:
Index: src/libs/zbxserver/expression.c
===================================================================
--- src/libs/zbxserver/expression.c (revision 59548)
+++ src/libs/zbxserver/expression.c (working copy)
@@ -4290,8 +4290,8 @@
zbx_free(context);
/* move cursor to the end of user macro */
- while ('}' != (*data)[r++])
- ;
+ while ('}' != (*data)[r])
+ r++;
}
/* substitute LLD macros, located in the item key parameters in simple macros */
/* e.g. {Zabbix server:ifAlias[{#SNMPINDEX}].last(0)} */
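Review bot: the rewritten loop, while ('}' != (*data)[r]) r++;, still has no check for the string terminator, so it stays in bounds only if the preceding user macro parse guarantees that a closing brace follows. Suggest adding '\0' != (*data)[r] to the condition so a missing brace cannot walk r past the end of *data. The comment above the loop also still says "move cursor to the end of user macro"; it would help to state that r is now deliberately left on the '}' itself rather than one position past it, since that is the whole point of the change.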
(added in ZBXNEXT-2683)
2) In the substitute_discovery_macros() function, numeric LLD macro parsing: if the macro value is negative (i.e. prefixed with -), the value is enclosed in parentheses (). During this process the replace_to variable is reallocated, but replace_to_alloc is not updated.
(added in ZBX-10429)
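The second defect as an added example, which is not Zabbix code: a hypothetical wrap_negative() helper receives the buffer and its recorded capacity together, so the reallocation and the size update cannot drift apart. The names wrap_negative and wrapped_capacity and the sample values are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not Zabbix code): encloses a negative value in (). */
/* Pointer and recorded capacity are passed together and updated together. */
static int wrap_negative(char **buf, size_t *buf_alloc)
{
    size_t len = strlen(*buf), need = len + 3; /* '(' + ')' + '\0' */
    char *tmp;

    if ('-' != (*buf)[0])
        return 0; /* not negative, nothing to do */
    if (*buf_alloc < need)
    {
        if (NULL == (tmp = realloc(*buf, need)))
            return -1; /* old block is still valid and owned by the caller */
        *buf = tmp;
        /* the bookkeeping step: without it the caller keeps a stale capacity */
        /* and later appends trust a size the block may no longer have */
        *buf_alloc = need;
    }
    memmove(*buf + 1, *buf, len); /* shift the value right by one */
    (*buf)[0] = '(';
    (*buf)[len + 1] = ')';
    (*buf)[len + 2] = '\0';
    return 1;
}

/* Constructed driver: starts from an exact-fit buffer, copies the result */
/* to out and returns the capacity recorded after wrapping (0 on failure). */
static size_t wrapped_capacity(const char *value, char *out, size_t out_size)
{
    size_t alloc = strlen(value) + 1;
    char *buf = malloc(alloc);

    if (NULL == buf)
        return 0;
    strcpy(buf, value);
    if (0 > wrap_negative(&buf, &alloc))
        alloc = 0;
    else
        snprintf(out, out_size, "%s", buf);
    free(buf);
    return alloc;
}

int main(void)
{
    char out[32] = "";
    size_t cap = wrapped_capacity("-5", out, sizeof(out));
    printf("%s capacity=%zu\n", out, cap);
    return 0;
}
```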