Xymon on Ubuntu 24.04

list Roland Rosenfeld
Tue, 24 Sep 2024 22:02:27 +0200
Message-Id: <user-e73a6bf1e975@xymon.invalid>

Sorry to quote myself all the time, but I hope, that I found/fixed the
root cause now.

On Tue, 24 Sep 2024, I wrote:

#9  md5hash (
    input=input@entry=0x5594c83023e0 "#\n# Master configuration file for Xymon\n#\n# This file defines several things:\n#\n# 1) By adding hosts to this file, you define hosts that are monitored by Xymon\n# 2) By adding \"page\", \"subpage\", \"group"...) at ./lib/digest.c:44
        ctx = 0x5594c83023a0
        md_value = "\301tJ\342^\312T\032bGjɨ\f\267I"
        md_string = "c1", '\000' <repeats 30 times>
        i = 1
        p = 0x5594c6dd7c02 <md_string+2> ""

Seems that there's a bug in the calculation of the buffer size.
The attached patch should fix this.
At least compilation with -D_FORTIFY_SOURCE=3 using this patch no
longer results in buffer overflow messages on my test system.

Greetings
Roland

Attachments (1)

100_md5_bufferoverflow.patch text/x-diff · 633 B