[Nagiosplug-devel] Re: plugin overflow error

Subhendu Ghosh sghosh at sghosh.org
Tue Sep 24 08:53:02 CEST 2002


On 24 Sep 2002, Karl DeBisschop wrote:

> On Sun, 2002-09-22 at 20:02, Ethan Galstad wrote:
> > Hi Russell -
> > 
> > I would definitely be interested in knowing what you found, so we can 
> > get the problem fixed.  Subhendu Ghosh has been taking the main lead 
> > on plugin development lately, Karl DeBisschop has historically been 
> > the main lead and still does development, while I rarely do much with 
> > the plugins anymore.  However, if there are serious things that need 
> > to be taken care of, I will definitely lend a hand to get things 
> > patched quickly.
> 
> I replaced all instances of sprintf with snprintf.
> 
> I did not (yet) actually check the lengths of the strings -- I just let
> snprintf brutally chop off the excess. It's a start.
> 
> A quick grep suggested that check_tcp is OK.
> 
> Check_tcp can replace most of the other things like check_smtp, etc.
> Maybe the best way to secure those is to remove them from the CVS tree
> at this point and modify the makefile so the appropriate links are
> created to get the desired behavior from just the one plugin. If
> Subhendu agrees we're ready to do that, it reduces the amount of code
> that needs auditing.
> 
> --
> Karl
> 
> 


I'm all for creating links and basing behaviour on the called name.  Less 
duplication of code, the better the maintenance.


If we are going to muck around with the makefiles, I'd like to add an 
option to define DMALLOC and use dmalloc to check all the memory 
assignments in a debug mode.  I am trying to run check_snmp thru dmalloc.



-- 
-sg
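
Added example, not part of the original thread or the plugin source: the sprintf-to-snprintf change discussed above bounds the write but silently truncates, so this sketch shows how a caller can detect the truncation from snprintf's return value. The helper name format_status, the message format and the sample host are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: build a one-line status message in buf.
 * Returns  0 if the whole message fit,
 *          1 if snprintf truncated it (buf holds a NUL-terminated prefix),
 *         -1 on bad arguments or an output error. */
static int format_status(char *buf, size_t buflen,
                         const char *service, const char *host, int port)
{
    int n;

    if (buf == NULL || buflen == 0 || service == NULL || host == NULL)
        return -1;

    /* snprintf never writes more than buflen bytes, including the NUL. */
    n = snprintf(buf, buflen, "%s OK - %s:%d responding", service, host, port);

    if (n < 0) {            /* output error: leave an empty string behind */
        buf[0] = '\0';
        return -1;
    }
    /* n is the length the full message needed, excluding the NUL.
     * If it does not fit in buflen - 1 characters, output was cut short. */
    if ((size_t)n >= buflen)
        return 1;

    return 0;
}

int main(void)
{
    char big[128];
    char small[24];   /* deliberately too small for the sample message */
    int rc;

    /* Constructed sample values, not taken from any real deployment. */
    rc = format_status(big, sizeof big, "SMTP", "mail.example.org", 25);
    printf("rc=%d msg=\"%s\"\n", rc, big);

    rc = format_status(small, sizeof small, "SMTP", "mail.example.org", 25);
    printf("rc=%d msg=\"%s\"\n", rc, small);
    return 0;
}
```

A caller that gets 1 back can decide whether a shortened message is acceptable or whether to report an error instead of passing the cut-off string on.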




