[mrtg-developers] Buffer overflow in rateup
Ulf Härnhammar
Ulf.Harnhammar.9485 at student.uu.se
Thu Aug 26 21:13:51 MEST 2004
Hello,
I have discovered a potential crash bug in MRTG. The rateup
program doesn't handle really malformed log files very well. It
has an fscanf() call with two "%s" format strings that store data
of arbitrary length to char name[MAXL] arrays. This causes a crash
if the string fields in the log file are longer than that.
Despite being a buffer overflow, this is probably not a security
problem, as outsiders can't run rateup with long enough values as
far as I know. Nevertheless, I think this bug is worth fixing,
as the Right Thing for a program should be not to assume anything
about its input and to handle various problems well.
I have attached a log file that causes this problem, as well as a
patch against MRTG-2.10.15.
// Ulf Harnhammar
http://www.advogato.org/person/metaur/
-- Attached file removed by Ecartis and put at URL below --
-- Type: application/octet-stream
-- Size: 604 bytes
-- URL : http://www.ee.ethz.ch/~slist/p/crash.log
-- Attached file removed by Ecartis and put at URL below --
-- Type: text/plain
-- Size: 650 bytes
-- URL : http://www.ee.ethz.ch/~slist/p/mrtg.patch
--
Unsubscribe mailto:mrtg-developers-request at list.ee.ethz.ch?subject=unsubscribe
Help mailto:mrtg-developers-request at list.ee.ethz.ch?subject=help
Archive http://www.ee.ethz.ch/~slist/mrtg-developers
More information about the mrtg-developers
mailing list