[ZBX-8213] Crashing Zabbix agent for Windows Created: 2014 May 15 Updated: 2017 May 30 Resolved: 2014 Jun 19 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Agent (G) |
Affects Version/s: | 2.2.3 |
Fix Version/s: | 2.2.4rc4, 2.3.2 |
Type: | Incident report | Priority: | Blocker |
Reporter: | Alexander Vladishev | Assignee: | Andris Zeila |
Resolution: | Fixed | Votes: | 0 |
Labels: | crash, eventlog, windows | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Windows 2003 x64. Zabbix agent x64. |
Issue Links: |
|
Description |
Function zbx_load_message_file() can be crashed because we do not handle case when a buffer's size is not enough. Therefore the MsgDll variable can remain not initialized. |
Comments |
Comment by Alexander Vladishev [ 2014 May 15 ] |
It also can lead to the partial disclosure of variables in Windows event logs. Related issue: |
Comment by Alexander Vladishev [ 2014 May 20 ] |
Successfully tested! Please review my changes in r45643 before a merge. |
Comment by Juris Miščenko (Inactive) [ 2014 May 20 ] |
Fix merged in 2.2.4rc1 r45649, 2.3.0 (trunk) r45651 |
Comment by Andris Zeila [ 2014 Jun 19 ] |
eventlog.c:zbx_load_message_file(): ExpandEnvironmentStrings() apparently returns the required buffer size in TCHARs (though the description in MSDN is not quite clear on it). As it is now we are allocating only 1/2 of required memory leading to buffer overruns. wiper RESOLVED in r46668 sasha CLOSED |
Comment by Andris Zeila [ 2014 Jun 19 ] |
Released in: |