[Nagiosplug-devel] Stack overflow in check_clamd/check_tcp

Thomas Guyot-Sionnest dermoth at aei.ca
Wed Oct 27 05:22:15 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10-10-26 05:35 PM, Holger Weiß wrote:
> * Andreas Ericsson <ae at op5.se> [2010-10-26 20:52]:
>> On 10/26/2010 07:37 PM, Holger Weiß wrote:
> 
>>> | (gdb) step
>>> | 234                     memset(&su, 0, sizeof(su));
>>> | (gdb) step
>>> | 236                     strncpy(su.sun_path, host_name, UNIX_PATH_MAX);
>>> | (gdb) step
>>> | 235                     su.sun_family = AF_UNIX;
>>> | (gdb) step
>>> | 236                     strncpy(su.sun_path, host_name, UNIX_PATH_MAX);
>>> | (gdb) step
>>> | strncpy (dst=0xcfbe1940 "", src=0xcfbe1b7e "/tmp/clamd.socket", n=108)
>>> |     at /usr/src/lib/libc/string/strncpy.c:47
> 
> So line 236 is executed before line 235 and then line 236 is executed
> again?
> 
>>> | (gdb) step
>>> | np_net_connect (host_name=0xcfbe1b7e "/tmp/clamd.socket", port=3310,
>>> |     sd=0x3c002064, proto=6) at netutils.c:238
>>> | 238                     if(*sd<  0){
>>> | (gdb) step
>>> | 237                     *sd = socket(PF_UNIX, SOCK_STREAM, 0);
>>> | (gdb) step
>>> | 238                     if(*sd<  0){
>>> | (gdb) step
>>> | 241                     result = connect(*sd, (struct sockaddr *)&su, sizeof(su));
> 
> Hmm.
> 
>> So what the hell is going on?
> 
> No idea.  Looking through np_net_connect(), I don't see any suspicious
> code ...

What kind of optimizations were used at compile time? Maybe worth trying
with -O0.

Just my 2 cents...

- -- 
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkzHmuEACgkQ6dZ+Kt5BchbSQQCeKOqhH+Q1pZFO7sczpDEEh4JY
JGkAoPJ6+bkCKT2SGFYRGPAjBv6nwMEC
=uHip
-----END PGP SIGNATURE-----
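The quoted trace shows strncpy() called with n=108 (UNIX_PATH_MAX) as the bound for su.sun_path. Worth remembering that strncpy() always writes exactly n bytes, padding with NULs, no matter how short the source is, so a fixed constant larger than the destination overruns it even for "/tmp/clamd.socket". Whether that is the cause of the overflow in the thread is not established above; the program below is an added illustration, not nagios-plugins code, and simply reports the real sun_path capacity on the build host next to a copy bounded by sizeof(su->sun_path). The value 108 is taken from the trace; set_sun_path() and the helper names are mine.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Fixed bound seen in the quoted strncpy() call (n=108). */
#define UNIX_PATH_MAX 108

/* How many bytes sun_path really holds on the platform we compile on. */
size_t sun_path_capacity(void)
{
    struct sockaddr_un su;
    return sizeof(su.sun_path);
}

/* strncpy(dst, src, n) writes exactly n bytes (copy plus NUL padding),
 * regardless of strlen(src).  A fixed n larger than the destination
 * therefore writes past it.  Returns 1 when bound n is unsafe here. */
int fixed_bound_overruns(size_t n)
{
    return n > sun_path_capacity();
}

/* Hardened variant: bound the copy by the destination's own size and
 * reject paths that would not fit together with their terminating NUL.
 * Returns 0 on success, -1 if the path is too long. */
int set_sun_path(struct sockaddr_un *su, const char *path)
{
    size_t len = strlen(path);
    memset(su, 0, sizeof(*su));
    su->sun_family = AF_UNIX;
    if (len >= sizeof(su->sun_path))
        return -1;
    memcpy(su->sun_path, path, len + 1); /* len + 1 copies the NUL too */
    return 0;
}

/* Returns 1 if path is accepted and round-trips unchanged, else 0. */
int path_round_trips(const char *path)
{
    struct sockaddr_un su;
    if (set_sun_path(&su, path) != 0)
        return 0;
    return su.sun_family == AF_UNIX && strcmp(su.sun_path, path) == 0;
}

/* Constructed over-long path: a slash followed by 254 'a' characters. */
int long_path_accepted(void)
{
    char longpath[256];
    memset(longpath, 'a', sizeof(longpath) - 1);
    longpath[0] = '/';
    longpath[sizeof(longpath) - 1] = '\0';
    return path_round_trips(longpath);
}

int main(void)
{
    printf("sun_path capacity here: %zu bytes\n", sun_path_capacity());
    printf("fixed bound %d overruns sun_path: %s\n", UNIX_PATH_MAX,
           fixed_bound_overruns(UNIX_PATH_MAX) ? "yes" : "no");
    printf("/tmp/clamd.socket accepted: %d\n",
           path_round_trips("/tmp/clamd.socket"));
    printf("255-char path accepted: %d\n", long_path_accepted());
    return 0;
}
```

Running it on the host where check_clamd was built tells you in one line whether 108 exceeds that platform's sun_path; the hardened copy never depends on that constant at all.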
