[ZBX-13660] Invalid type for port is used when processing discovery from proxy Created: 2018 Mar 27  Updated: 2024 Apr 10  Resolved: 2018 Apr 18

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: None
Affects Version/s: 3.0.16rc1, 3.4.8rc1, 4.0.0alpha6
Fix Version/s: 3.0.17rc1, 3.4.9rc1, 4.0.0alpha6, 4.0 (plan)

Type: Problem report Priority: Major
Reporter: Vladislavs Sokurenko Assignee: Andris Mednis
Resolution: Fixed Votes: 0
Labels: discovery, proxy, server
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Causes
caused by ZBX-12349 CVE-2017-2824 zabbix: Multiple vulner... Closed
Team: Team A
Team: Team A
Sprint: Sprint 30, Sprint 31, Sprint 32
Story Points: 3

 Description   

Invalid type is used in combination with is_ushort, this can result in problems on big endian systems.
In newer version if port is not initialized this can cause port to contain garbage value.

See:
process_dhis_data()
Port is integer.

See
process_areg_data()
Port is unsigned short

Expected:
Both places are unsigned short.

 Comments   
Comment by Andris Mednis [ 2018 Apr 12 ]

For 3.0 fixed in development branch svn://svn.zabbix.com/branches/dev/ZBX-13660-30
For trunk fixed in development branch svn://svn.zabbix.com/branches/dev/ZBX-13660

Comment by Andris Mednis [ 2018 Apr 17 ]

Available in versions:

  • pre-3.0.17rc1 r79803
  • pre-3.4.9rc1 r79812
  • pre-4.0.0alpha6 (trunk) r79816
Generated at Fri Apr 19 06:07:39 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.