[Date Prev]   [Date Next] [Thread Prev]   [Thread Next] [Date Index]   [Thread Index]


     portmon buffer overflow in 4.2.2beta2

Hi folks,

New to the list, been using Nocol for a little over a year...

I believe I've located a bug in portmon.c. I've been monitoring http 
servers with portmon; some of these are set up by customers rather than 
by us, so we can't be sure of getting valid HTML back.  The 
configuration is something like:

HOST somehost  HTTP 80 Critical        GET / HTTP/1.0\n
info   <HEAD>
info   <Head>
info   <head>
info   <BODY
info   <Body
info   <body
info   200 OK

since not all the httpds in use return a 200. (Growl, growl, but that's 
not a Nocol problem.)

However, some of the top-level pages return a packet longer than the 
2048 bytes that's the default buffer size in process_host. While the 
buffer read is length-limited, it looks as if the end bytes may not be 
set correctly in this case. Portmon was crashing with segmentation 
faults, at any rate.

I've applied this patch to timeout_read, which seems to prevent the 
problem (though I confess it's a bit ugly). Any more experienced Nocol 
people care to comment?

--- portmon.old
+++ portmon.c
@@ -474,11 +474,12 @@
  * Returns the number of bytes read.
  * Returns -2 if timed out . Returns -1 if error occured
-timeout_read(sock, buf, bufsiz, timeout)
+timeout_read(sock, buf, xbufsiz, timeout)
   int sock;
   char *buf;
-  int bufsiz, timeout ;
+  int xbufsiz, timeout ;
+  int bufsiz=xbufsiz-4;
   int n, len = bufsiz ;
   char *cp;
   fd_set  fdvar;

As a separate issue, the nocollib.pl in the download package doesn't 
have the required "return 1;" at the end that makes it work...


Roger Burton West                                    roger@firedrake.org
                      ACTING IN A PRIVATE CAPACITY
Network Operations Centre Team Leader                  Direct Connection