Details

    • Type: Incident report
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.2.3
    • Fix Version/s: 2.2.4rc4, 2.3.2
    • Component/s: Agent (G)
    • Environment:
      Windows 2003 x64. Zabbix agent x64.

      Description

      Function zbx_load_message_file() can crash because we do not handle the case where the buffer size is not enough.

      Therefore the MsgDll variable can remain uninitialized.

        Activity

        Alexander Vladishev added a comment -

        It also can lead to the partial disclosure of variables in Windows event logs.

        Related issue: ZBX-6933.

        Alexander Vladishev added a comment - edited

        Successfully tested! Please review my changes in r45643 before a merge.
        Juris Miščenko Reviewed. CLOSED.

        Juris Miščenko (Inactive) added a comment -

        Fix merged in 2.2.4rc1 r45649, 2.3.0 (trunk) r45651

        Andris Zeila added a comment - edited

        eventlog.c:zbx_load_message_file():

        ExpandEnvironmentStrings() apparently returns the required buffer size in TCHARs (though the description in MSDN is not quite clear on it). As it is now, we are allocating only 1/2 of the required memory, leading to buffer overruns.

        Andris Zeila RESOLVED in r46668

        Alexander Vladishev CLOSED
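
A portable model of the sizing problem described in the comment above, added here as an example and not taken from the Zabbix source. `expand_model()` is a hypothetical stand-in that mimics only the character-count return contract the comment describes; `wch`, `buggy_alloc_bytes()`, `fixed_alloc_bytes()` and `expand_alloc()` are names assumed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint16_t wch;   /* assumed stand-in for a 2-byte wide character */

/* Hypothetical stand-in for the sizing contract: returns the number of
 * characters needed, terminator included, and writes to dst only when that
 * count fits in dst_chars. No real environment expansion is performed. */
static size_t expand_model(const wch *src, wch *dst, size_t dst_chars)
{
    size_t need = 0;
    while (src[need] != 0) need++;
    need++;                                   /* terminating null */
    if (dst != NULL && need <= dst_chars)
        memcpy(dst, src, need * sizeof(wch));
    return need;
}

/* Bytes the buggy sizing reserves: the character count used as a byte count. */
size_t buggy_alloc_bytes(const wch *src) { return expand_model(src, NULL, 0); }

/* Bytes actually required: character count times the character width. */
size_t fixed_alloc_bytes(const wch *src) { return expand_model(src, NULL, 0) * sizeof(wch); }

/* Two-call pattern: query the size, allocate in bytes, expand, then re-check.
 * Returns NULL on any failure so the caller never uses an unset pointer. */
wch *expand_alloc(const wch *src, size_t *out_chars)
{
    size_t need = expand_model(src, NULL, 0);
    if (need == 0 || need > SIZE_MAX / sizeof(wch))   /* failure or overflow */
        return NULL;
    wch *buf = malloc(need * sizeof(wch));
    if (buf == NULL)
        return NULL;
    size_t got = expand_model(src, buf, need);
    if (got == 0 || got > need) {             /* still too small: fail closed */
        free(buf);
        return NULL;
    }
    *out_chars = got;
    return buf;
}

/* Constructed sample input: the path C:\a.dll as 2-byte units. */
const wch SAMPLE[] = { 'C', ':', '\\', 'a', '.', 'd', 'l', 'l', 0 };
```

For the sample path the buggy sizing reserves 9 bytes where 18 are needed, which is the half-sized allocation the comment reports.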

        Andris Zeila added a comment -

        Released in:
        pre-2.2.4rc4 r46687
        pre-2.3.2 r46688


          People

          • Assignee:
            Andris Zeila
            Reporter:
            Alexander Vladishev
          • Votes:
            0
            Watchers:
            2