  1. ZABBIX BUGS AND ISSUES
  2. ZBX-23097

Use of uninitialised value when verifying subject and issuer with TLS


Details

    • Team A
    • Sprint 102 (Jul 2023)
    • 0.25

    Description

      Changes to zbx_strlcpy should be reverted, as it is sometimes used incorrectly and siz is not the size of the buffer, as documented in the function header, but the number of bytes to copy. Also, it is better to just use memcpy in locations where the length of the source is already known; see zbx_strlcpy.diff

      ==212685== Conditional jump or move depends on uninitialised value(s)
      ==212685==    at 0x488B2D0: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-arm64-linux.so)
      ==212685==    by 0x53AF23: zbx_strlcpy (common_str.c:128)
      ==212685==    by 0x416C37: zbx_x509_dn_gets (tls.c:1267)
      ==212685==    by 0x416F8B: zbx_verify_issuer_subject (tls.c:1532)
      ==212685==    by 0x419667: zbx_tls_connect (tls.c:3284)
      ==212685==    by 0x40FF0F: zbx_socket_tls_connect (comms.c:544)
      ==212685==    by 0x1CDA23: agent_task_process (async_agent.c:125)
      ==212685==    by 0x53CB8B: async_event (asyncpoller.c:70)
      ==212685==    by 0x5AAFF5B: ??? (in /usr/lib/aarch64-linux-gnu/libevent-2.1.so.7.0.1)
      ==212685==    by 0x5AB1967: event_base_loop (in /usr/lib/aarch64-linux-gnu/libevent-2.1.so.7.0.1)
      ==212685==    by 0x1CC41B: async_poller_thread (async_poller.c:500)
      ==212685==    by 0x402A07: zbx_thread_start (threads.c:124)
      ==212685==  Uninitialised value was created by a heap allocation
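
The failure mode in the description, as an added example that is not Zabbix code or part of the original issue: a strlcpy-style copy calls strlen() on the source, so passing "bytes to copy" as siz does not stop it from scanning past the valid data, while a known-length memcpy reads only what it is told to. The names copy_strlcpy_style, copy_known_len and demo are hypothetical, and the source buffer is constructed, with its stale tail filled in so the program stays well defined.

```c
#include <stdio.h>
#include <string.h>

#define VALID_LEN 5 /* bytes of real data in the constructed source below */
/* strlcpy-style: siz is meant to be sizeof(dst). strlen() scans src until it
 * finds a NUL, whatever siz is, so src must be an initialised C string. */
static size_t copy_strlcpy_style(char *dst, const char *src, size_t siz)
{
    size_t len = strlen(src), n;
    if (0 == siz)
        return len;
    n = len < siz - 1 ? len : siz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len;
}

/* Known-length copy: reads exactly min(src_len, dst_size - 1) bytes of src. */
static size_t copy_known_len(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    size_t n;
    if (0 == dst_size)
        return 0;
    n = src_len < dst_size - 1 ? src_len : dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Constructed input: 5 valid bytes with no terminator, then a stale tail. The
 * tail is '?' plus a final NUL only so this demo has defined behaviour. */
static size_t demo(int known_len, char *dst, size_t dst_size)
{
    char raw[16];
    memset(raw, '?', sizeof(raw) - 1);
    raw[sizeof(raw) - 1] = '\0';
    memcpy(raw, "CN=ab", VALID_LEN);
    if (known_len)
        return copy_known_len(dst, dst_size, raw, VALID_LEN);
    return copy_strlcpy_style(dst, raw, VALID_LEN + 1); /* siz = bytes to copy */
}

int main(void)
{
    char a[32], b[32];
    size_t ra = demo(0, a, sizeof(a)), rb = demo(1, b, sizeof(b));
    printf("strlcpy-style: \"%s\", scanned %zu source bytes\n", a, ra);
    printf("known length:  \"%s\", read %zu source bytes\n", b, rb);
    return 0;
}
```

Both calls produce the same destination string; only the number of source bytes examined differs, which is why this class of defect tends to surface under memcheck rather than in functional tests.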


          People

            vso Vladislavs Sokurenko
            vso Vladislavs Sokurenko