Bug #1289

segfaults if no default_user_name= given in cgi.cfg

Added by hephaestus almost 4 years ago. Updated 3 months ago.

Status:ResolvedStart date:03/15/2011
Priority:NormalDue date:
Assignee:dnsmichi% Done:

100%

Category:Classic UI
Target version:Icinga 1.x - 1.4
Icinga Version:1.10.0 OS Version:any

Description

RHEL 5.4 x86_64
Icinga 1.3.0

Without specifying a default_user_name, running 'REQUEST_METHOD=GET gdb ./status.cgi', the cgi segfaults:

(gdb) bt
#0  0x0000003932c796f0 in strlen () from /lib64/libc.so.6
#1  0x0000000000415bad in get_authentication_information (authinfo=0x64d760) at cgiauth.c:105
#2  0x000000000040e297 in main () at status.c:265
(gdb)

Associated revisions

Revision 5afdc144
Added by dnsmichi almost 4 years ago

classic ui: fix segfaults if no default_user_name= given in cgi.cfg #1289

fixes #1289

Revision 316e9145
Added by dnsmichi almost 4 years ago

classic ui: fix segfaults if no default_user_name= given in cgi.cfg #1289

fixes #1289

History

#1 Updated by dnsmichi almost 4 years ago

  • Target version changed from 1.3 to 1.4

the strtok above returns a null ptr which is not good for strlen (should bail out with an error before). this comes in from the cgiauth patch which is a bit buggy.

https://git.icinga.org/?p=icinga-core.git;a=blob;f=cgi/cgiauth.c;h=4884d3880a4ad8dc8c1121d1c4d5d795bf308267;hb=HEAD#l102

#2 Updated by dnsmichi almost 4 years ago

  • Subject changed from Segfaults if no auth user specified to segfaults if no default_user_name= given in cgi.cfg
  • Category set to 43
  • Status changed from New to Assigned
  • Assignee set to dnsmichi

#3 Updated by dnsmichi almost 4 years ago

  • Status changed from Assigned to Resolved
  • % Done changed from 0 to 100

#4 Updated by dnsmichi 3 months ago

  • Project changed from 19 to Core, Classic UI, IDOUtils
  • Category changed from 43 to Classic UI
  • Icinga Version set to 1.10.0
  • OS Version set to any

Also available in: Atom PDF