[ZBX-10820] Potential loss of data when server/proxy processes zabbix_sender data - ZABBIX SUPPORT

XML

Word

Printable

Details

Type: Problem report
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.0.3rc1, 3.2.0alpha1
Fix Version/s: 3.0.11rc1, 3.2.8rc1, 3.4.2rc1, 4.0.0alpha1
Component/s: Proxy (P), Server (S)
Labels:
- codequality
- loss
- network
- sender

Epic Link:
Refactoring findings
Team:
Team A
Sprint:
Sprint 12, Sprint 13, Sprint 14, Sprint 15, Sprint 16
Story Points:
2

Description

Thanks to (86) of ~~ZBXNEXT-1263~~ we now save peer hostname/IP in peer field of zbx_socket_t structure and reuse when necessary.

The only exception is zbx_tcp_check_security() calling getpeername() and inet_ntoa()/zbx_getnameinfo() independently. We should reuse peer at least and possibly think about storing getpeername() result in zbx_socket_t structure too on stage of zbx_tcp_accept().

Suppose zabbix_sender disconnects (due to timeout or network failure) right after server/proxy performs zbx_tcp_accept(). Server/proxy will be able to read sender data but will have to reject it because of security restriction since second call of getpeername() will fail.

Also peer in zbx_socket_t and host in zbx_get_ip_by_socket() use different in size static buffers.

Attachments

Issue Links

causes

ZBX-15955 Agent allows requests from any hosts if Server=localhost

Closed

ZBX-15399 „::/0“ in allowed hosts for Zabbix Trapper Items doesn't allow IPv4 anymore

Closed

depends on

ZBX-4252 Agent sends AAAA queries when operating system IPv6 support is disabled

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Glebs Ivanovskis (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2016 May 18 15:22

Updated:: 2019 Apr 09 15:34

Resolved:: 2017 Sep 07 23:09