Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-18845

Zabbix agent does not correctly handle parameters ending with $

XMLWordPrintable

    • Sprint 72 (Jan 2021), Sprint 73 (Feb 2021)
    • 1

      When user parameter ending with $ like:

      UserParameter=a[*],$
UserParameter=b[*],b$

      are used the parameter replacement happens incorrectly resulting in buffer overrun.

      ./install/sbin/zabbix_agentd -c install/etc/zabbix_agentd.conf -t a[c]
a[c]                                          [t|sh: 1: $��: not found]
./install/sbin/zabbix_agentd -c install/etc/zabbix_agent.conf -t b[c]
b[c]                                          [t|sh: 1: b�: not found]

      ==18643== Invalid read of size 1
==18643==    at 0x4E9FB80: __strchr_avx2 (strchr-avx2.S:45)
==18643==    by 0x12CBB2: replace_param (sysinfo.c:1023)
==18643==    by 0x12CFD5: process (sysinfo.c:1156)
==18643==    by 0x11E6A9: process_listener (listener.c:57)
==18643==    by 0x11EAAD: listener_thread (listener.c:145)
==18643==    by 0x14F1D2: zbx_thread_start (threads.c:136)
==18643==    by 0x11AA7B: MAIN_ZABBIX_ENTRY (zabbix_agentd.c:1110)
==18643==    by 0x15084C: daemon_start (daemon.c:397)
==18643==    by 0x11AEA5: main (zabbix_agentd.c:1361)
==18643==  Address 0x5cb6002 is 0 bytes after a block of size 2 alloc'd
==18643==    at 0x483577F: malloc (vg_replace_malloc.c:299)
==18643==    by 0x4DCBDB9: strdup (strdup.c:42)
==18643==    by 0x16226F: zbx_strdup2 (misc.c:626)
==18643==    by 0x12AA9D: add_to_metrics (sysinfo.c:131)
==18643==    by 0x12AB5B: add_metric (sysinfo.c:148)
==18643==    by 0x12AC58: add_user_parameter (sysinfo.c:188)
==18643==    by 0x11F823: load_user_parameters (zbxconf.c:102)
==18643==    by 0x11AE79: main (zabbix_agentd.c:1356)
==18643== 
==18643== Invalid read of size 1
==18643==    at 0x4838C62: strlen (vg_replace_strmem.c:460)
==18643==    by 0x167C37: zbx_strcpy_alloc (str.c:353)
==18643==    by 0x12CBE2: replace_param (sysinfo.c:1058)
==18643==    by 0x12CFD5: process (sysinfo.c:1156)
==18643==    by 0x11E6A9: process_listener (listener.c:57)
==18643==    by 0x11EAAD: listener_thread (listener.c:145)
==18643==    by 0x14F1D2: zbx_thread_start (threads.c:136)
==18643==    by 0x11AA7B: MAIN_ZABBIX_ENTRY (zabbix_agentd.c:1110)
==18643==    by 0x15084C: daemon_start (daemon.c:397)
==18643==    by 0x11AEA5: main (zabbix_agentd.c:1361)
==18643==  Address 0x5cb6002 is 0 bytes after a block of size 2 alloc'd
==18643==    at 0x483577F: malloc (vg_replace_malloc.c:299)
==18643==    by 0x4DCBDB9: strdup (strdup.c:42)
==18643==    by 0x16226F: zbx_strdup2 (misc.c:626)
==18643==    by 0x12AA9D: add_to_metrics (sysinfo.c:131)
==18643==    by 0x12AB5B: add_metric (sysinfo.c:148)
==18643==    by 0x12AC58: add_user_parameter (sysinfo.c:188)
==18643==    by 0x11F823: load_user_parameters (zbxconf.c:102)
==18643==    by 0x11AE79: main (zabbix_agentd.c:1356)
==18643==

      Expected: Without index the '$' is not expanded and just copied - so '$' and 'b$' should be converted to '$' and 'b$'.

            viktors.tjarve Viktors Tjarve
            viktors.tjarve Viktors Tjarve
            Team A
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: