Bug #1289

segfaults if no default_user_name= given in cgi.cfg

Added by hephaestus about 3 years ago. Updated about 3 years ago.

Status:ResolvedStart date:03/15/2011
Priority:NormalDue date:
Assignee:dnsmichi% Done:

100%

Category:Configuration
Target version:Icinga 1.x - 1.4
Icinga Version: Browser Version:

Description

RHEL 5.4 x86_64
Icinga 1.3.0

Without specifying a default_user_name, running 'REQUEST_METHOD=GET gdb ./status.cgi', the cgi segfaults:

(gdb) bt
#0  0x0000003932c796f0 in strlen () from /lib64/libc.so.6
#1  0x0000000000415bad in get_authentication_information (authinfo=0x64d760) at cgiauth.c:105
#2  0x000000000040e297 in main () at status.c:265
(gdb)

Associated revisions

Revision 5afdc144
Added by dnsmichi about 3 years ago

classic ui: fix segfaults if no default_user_name= given in cgi.cfg #1289

fixes #1289

Revision 316e9145
Added by dnsmichi about 3 years ago

classic ui: fix segfaults if no default_user_name= given in cgi.cfg #1289

fixes #1289

History

#1 Updated by dnsmichi about 3 years ago

  • Target version changed from 1.3 to 1.4

the strtok above returns a null ptr which is not good for strlen (should bail out with an error before). this comes in from the cgiauth patch which is a bit buggy.

https://git.icinga.org/?p=icinga-core.git;a=blob;f=cgi/cgiauth.c;h=4884d3880a4ad8dc8c1121d1c4d5d795bf308267;hb=HEAD#l102

#2 Updated by dnsmichi about 3 years ago

  • Subject changed from Segfaults if no auth user specified to segfaults if no default_user_name= given in cgi.cfg
  • Category set to Configuration
  • Status changed from New to Assigned
  • Assignee set to dnsmichi

#3 Updated by dnsmichi about 3 years ago

  • Status changed from Assigned to Resolved
  • % Done changed from 0 to 100

Applied in changeset commit:5afdc144a77f42685a178afb1c04807d0c75b6ae.

Also available in: Atom PDF