[Nagiosplug-devel] Stack overflow in check_clamd/check_tcp
Thomas Guyot-Sionnest
dermoth at aei.ca
Wed Oct 27 05:22:15 CEST 2010
On 10-10-26 05:35 PM, Holger Weiß wrote:
> * Andreas Ericsson <ae at op5.se> [2010-10-26 20:52]:
>> On 10/26/2010 07:37 PM, Holger Weiß wrote:
>
>>> | (gdb) step
>>> | 234 memset(&su, 0, sizeof(su));
>>> | (gdb) step
>>> | 236 strncpy(su.sun_path, host_name, UNIX_PATH_MAX);
>>> | (gdb) step
>>> | 235 su.sun_family = AF_UNIX;
>>> | (gdb) step
>>> | 236 strncpy(su.sun_path, host_name, UNIX_PATH_MAX);
>>> | (gdb) step
>>> | strncpy (dst=0xcfbe1940 "", src=0xcfbe1b7e "/tmp/clamd.socket", n=108)
>>> | at /usr/src/lib/libc/string/strncpy.c:47
>
> So line 236 is executed before line 235 and then line 236 is executed
> again?
>
>>> | (gdb) step
>>> | np_net_connect (host_name=0xcfbe1b7e "/tmp/clamd.socket", port=3310,
>>> | sd=0x3c002064, proto=6) at netutils.c:238
>>> | 238 if(*sd< 0){
>>> | (gdb) step
>>> | 237 *sd = socket(PF_UNIX, SOCK_STREAM, 0);
>>> | (gdb) step
>>> | 238 if(*sd< 0){
>>> | (gdb) step
>>> | 241 result = connect(*sd, (struct sockaddr *)&su, sizeof(su));
>
> Hmm.
>
>> So what the hell is going on?
>
> No idea. Looking through np_net_connect(), I don't see any suspicious
> code ...
What kind of optimizations were used at compile time? Maybe worth trying
with -O0
Just my 2 cents...
--
Thomas
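The trace above shows the copy into su.sun_path being bounded by the constant UNIX_PATH_MAX (n=108 in the strncpy frame) rather than by the size of the destination field. The size of sun_path is not the same on every platform (108 bytes on Linux, 104 on several BSDs and macOS), and strncpy with n equal to the full field size also leaves the field unterminated when the source is that long. The following is an added example, not nagios-plugins code, of how a defender would write that step: bound the copy by sizeof(su->sun_path) and reject paths that do not fit with their terminating NUL. The function names fill_unix_addr, roundtrip_ok and over_long_path_rejected are mine.

```c
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Added example (not nagios-plugins code): fill a sockaddr_un from a
 * filesystem path, bounding the copy by the destination field's real
 * size instead of a fixed constant such as UNIX_PATH_MAX.
 * Returns 0 on success, -1 if the path (plus its NUL) would not fit. */
int fill_unix_addr(struct sockaddr_un *su, const char *path)
{
    size_t len = strlen(path);

    memset(su, 0, sizeof(*su));
    /* sizeof(su->sun_path) is 108 on Linux but 104 on several BSDs and
     * macOS; a hard-coded bound of 108 would run past the field there. */
    if (len >= sizeof(su->sun_path))
        return -1;
    su->sun_family = AF_UNIX;
    /* memcpy of len + 1 bytes copies the terminating NUL as well, so the
     * field is always a proper C string, unlike strncpy with n == size. */
    memcpy(su->sun_path, path, len + 1);
    return 0;
}

/* Fills an address from `path` and reports whether the result carries
 * the same path string and the AF_UNIX family. */
int roundtrip_ok(const char *path)
{
    struct sockaddr_un su;

    if (fill_unix_addr(&su, path) != 0)
        return 0;
    return su.sun_family == AF_UNIX && strcmp(su.sun_path, path) == 0;
}

/* Builds a constructed path exactly one byte too long for sun_path on
 * this platform and reports whether fill_unix_addr() rejects it. */
int over_long_path_rejected(void)
{
    struct sockaddr_un su;
    char path[sizeof(su.sun_path) + 1];

    memset(path, 'a', sizeof(path) - 1);
    path[0] = '/';
    path[sizeof(path) - 1] = '\0';      /* strlen(path) == sizeof(sun_path) */
    return fill_unix_addr(&su, path) == -1;
}
```

The constructed path in over_long_path_rejected() has length equal to sizeof(sun_path), the smallest value the original bound would have let through on a platform whose field is shorter than 108 bytes; the check turns that case into an error return the caller can report instead of a silent write past the field.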