  1. ZABBIX BUGS AND ISSUES
  2. ZBX-18845

Zabbix agent does not correctly handle parameters ending with $


    Details

    • Type: Problem report
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: 3.0.32rc1, 4.0.28rc1
    • Fix Version/s: 3.0.32rc1, 4.0.29rc1, 5.4 (plan)
    • Component/s: Agent (G)
    • Labels:
      None
    • Team:
      Team A
    • Sprint:
      Sprint 72 (Jan 2021), Sprint 73 (Feb 2021)
    • Story Points:
      1

      Description

      When user parameters ending with $, such as:

      UserParameter=a[*],$
      UserParameter=b[*],b$
      

      are used, the parameter replacement happens incorrectly, resulting in a buffer overrun.

      ./install/sbin/zabbix_agentd -c install/etc/zabbix_agentd.conf -t a[c]
      a[c]                                          [t|sh: 1: $��: not found]
      ./install/sbin/zabbix_agentd -c install/etc/zabbix_agent.conf -t b[c]
      b[c]                                          [t|sh: 1: b�: not found]
      
      ==18643== Invalid read of size 1
      ==18643==    at 0x4E9FB80: __strchr_avx2 (strchr-avx2.S:45)
      ==18643==    by 0x12CBB2: replace_param (sysinfo.c:1023)
      ==18643==    by 0x12CFD5: process (sysinfo.c:1156)
      ==18643==    by 0x11E6A9: process_listener (listener.c:57)
      ==18643==    by 0x11EAAD: listener_thread (listener.c:145)
      ==18643==    by 0x14F1D2: zbx_thread_start (threads.c:136)
      ==18643==    by 0x11AA7B: MAIN_ZABBIX_ENTRY (zabbix_agentd.c:1110)
      ==18643==    by 0x15084C: daemon_start (daemon.c:397)
      ==18643==    by 0x11AEA5: main (zabbix_agentd.c:1361)
      ==18643==  Address 0x5cb6002 is 0 bytes after a block of size 2 alloc'd
      ==18643==    at 0x483577F: malloc (vg_replace_malloc.c:299)
      ==18643==    by 0x4DCBDB9: strdup (strdup.c:42)
      ==18643==    by 0x16226F: zbx_strdup2 (misc.c:626)
      ==18643==    by 0x12AA9D: add_to_metrics (sysinfo.c:131)
      ==18643==    by 0x12AB5B: add_metric (sysinfo.c:148)
      ==18643==    by 0x12AC58: add_user_parameter (sysinfo.c:188)
      ==18643==    by 0x11F823: load_user_parameters (zbxconf.c:102)
      ==18643==    by 0x11AE79: main (zabbix_agentd.c:1356)
      ==18643== 
      ==18643== Invalid read of size 1
      ==18643==    at 0x4838C62: strlen (vg_replace_strmem.c:460)
      ==18643==    by 0x167C37: zbx_strcpy_alloc (str.c:353)
      ==18643==    by 0x12CBE2: replace_param (sysinfo.c:1058)
      ==18643==    by 0x12CFD5: process (sysinfo.c:1156)
      ==18643==    by 0x11E6A9: process_listener (listener.c:57)
      ==18643==    by 0x11EAAD: listener_thread (listener.c:145)
      ==18643==    by 0x14F1D2: zbx_thread_start (threads.c:136)
      ==18643==    by 0x11AA7B: MAIN_ZABBIX_ENTRY (zabbix_agentd.c:1110)
      ==18643==    by 0x15084C: daemon_start (daemon.c:397)
      ==18643==    by 0x11AEA5: main (zabbix_agentd.c:1361)
      ==18643==  Address 0x5cb6002 is 0 bytes after a block of size 2 alloc'd
      ==18643==    at 0x483577F: malloc (vg_replace_malloc.c:299)
      ==18643==    by 0x4DCBDB9: strdup (strdup.c:42)
      ==18643==    by 0x16226F: zbx_strdup2 (misc.c:626)
      ==18643==    by 0x12AA9D: add_to_metrics (sysinfo.c:131)
      ==18643==    by 0x12AB5B: add_metric (sysinfo.c:148)
      ==18643==    by 0x12AC58: add_user_parameter (sysinfo.c:188)
      ==18643==    by 0x11F823: load_user_parameters (zbxconf.c:102)
      ==18643==    by 0x11AE79: main (zabbix_agentd.c:1356)
      ==18643== 
      

      Expected: Without an index, the '$' is not expanded and is just copied, so '$' and 'b$' should be converted to '$' and 'b$'.
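
The expected behaviour above, sketched as an added example (this is not Zabbix's replace_param() code): a hypothetical expand_params() that substitutes only $1..$9 and copies every other '$' literally, so a trailing '$' never moves the scan past the string terminator. The function name, the restriction to $1..$9 and the sample commands are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not Zabbix's replace_param(): expands $1..$9 in cmd from
 * params[0..nparams-1] (a missing parameter expands to nothing). Any other '$',
 * including a trailing one, is copied literally. Returns malloc'd text or NULL. */
char *expand_params(const char *cmd, const char *const *params, int nparams)
{
    size_t cap = strlen(cmd) + 1, len = 0;
    const char *p;
    char *out;
    /* p[1] is read only when p[0] is '$', so reads stop at the terminating NUL. */
    for (p = cmd; '\0' != *p; p++)
        if ('$' == p[0] && '1' <= p[1] && p[1] <= '9' && p[1] - '1' < nparams)
            cap += strlen(params[p[1] - '1']);
    if (NULL == (out = malloc(cap)))
        return NULL;
    for (p = cmd; '\0' != *p; p++)
    {
        if ('$' == p[0] && '1' <= p[1] && p[1] <= '9')
        {
            int idx = p[1] - '1';
            if (idx < nparams)
            {
                memcpy(out + len, params[idx], strlen(params[idx]));
                len += strlen(params[idx]);
            }
            p++;    /* skip the digit: p[1] was '1'..'9', so never the NUL */
            continue;
        }
        out[len++] = *p;    /* literal copy, including a '$' with no index */
    }
    out[len] = '\0';
    return out;
}

int main(void)
{
    const char *const params[] = {"c"};                 /* constructed: key a[c] */
    const char *const cmds[] = {"$", "b$", "echo $1"};  /* constructed commands */
    for (size_t i = 0; i < 3; i++)
    {
        char *r = expand_params(cmds[i], params, 1);
        printf("'%s' -> '%s'\n", cmds[i], NULL != r ? r : "(alloc failed)");
        free(r);
    }
    return 0;
}
```

Building this with AddressSanitizer or running it under valgrind, as in the trace above, is a quick way to confirm that no byte after the terminator is read.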

            People

            Assignee:
            viktors.tjarve Viktors Tjarve
            Reporter:
            viktors.tjarve Viktors Tjarve