-
Problem report
-
Resolution: Fixed
-
Trivial
-
3.0.32rc1, 4.0.28rc1
-
None
-
Sprint 72 (Jan 2021), Sprint 73 (Feb 2021)
-
1
When user parameter ending with $ like:
UserParameter=a[*],$ UserParameter=b[*],b$
are used the parameter replacement happens incorrectly resulting in buffer overrun.
./install/sbin/zabbix_agentd -c install/etc/zabbix_agentd.conf -t a[c] a[c] [t|sh: 1: $��: not found] ./install/sbin/zabbix_agentd -c install/etc/zabbix_agent.conf -t b[c] b[c] [t|sh: 1: b�: not found]
==18643== Invalid read of size 1 ==18643== at 0x4E9FB80: __strchr_avx2 (strchr-avx2.S:45) ==18643== by 0x12CBB2: replace_param (sysinfo.c:1023) ==18643== by 0x12CFD5: process (sysinfo.c:1156) ==18643== by 0x11E6A9: process_listener (listener.c:57) ==18643== by 0x11EAAD: listener_thread (listener.c:145) ==18643== by 0x14F1D2: zbx_thread_start (threads.c:136) ==18643== by 0x11AA7B: MAIN_ZABBIX_ENTRY (zabbix_agentd.c:1110) ==18643== by 0x15084C: daemon_start (daemon.c:397) ==18643== by 0x11AEA5: main (zabbix_agentd.c:1361) ==18643== Address 0x5cb6002 is 0 bytes after a block of size 2 alloc'd ==18643== at 0x483577F: malloc (vg_replace_malloc.c:299) ==18643== by 0x4DCBDB9: strdup (strdup.c:42) ==18643== by 0x16226F: zbx_strdup2 (misc.c:626) ==18643== by 0x12AA9D: add_to_metrics (sysinfo.c:131) ==18643== by 0x12AB5B: add_metric (sysinfo.c:148) ==18643== by 0x12AC58: add_user_parameter (sysinfo.c:188) ==18643== by 0x11F823: load_user_parameters (zbxconf.c:102) ==18643== by 0x11AE79: main (zabbix_agentd.c:1356) ==18643== ==18643== Invalid read of size 1 ==18643== at 0x4838C62: strlen (vg_replace_strmem.c:460) ==18643== by 0x167C37: zbx_strcpy_alloc (str.c:353) ==18643== by 0x12CBE2: replace_param (sysinfo.c:1058) ==18643== by 0x12CFD5: process (sysinfo.c:1156) ==18643== by 0x11E6A9: process_listener (listener.c:57) ==18643== by 0x11EAAD: listener_thread (listener.c:145) ==18643== by 0x14F1D2: zbx_thread_start (threads.c:136) ==18643== by 0x11AA7B: MAIN_ZABBIX_ENTRY (zabbix_agentd.c:1110) ==18643== by 0x15084C: daemon_start (daemon.c:397) ==18643== by 0x11AEA5: main (zabbix_agentd.c:1361) ==18643== Address 0x5cb6002 is 0 bytes after a block of size 2 alloc'd ==18643== at 0x483577F: malloc (vg_replace_malloc.c:299) ==18643== by 0x4DCBDB9: strdup (strdup.c:42) ==18643== by 0x16226F: zbx_strdup2 (misc.c:626) ==18643== by 0x12AA9D: add_to_metrics (sysinfo.c:131) ==18643== by 0x12AB5B: add_metric (sysinfo.c:148) ==18643== by 0x12AC58: add_user_parameter (sysinfo.c:188) ==18643== by 0x11F823: load_user_parameters (zbxconf.c:102) ==18643== by 0x11AE79: main (zabbix_agentd.c:1356) ==18643==
Expected: Without index the '$' is not expanded and just copied - so '$' and 'b$' should be converted to '$' and 'b$'.