Package: webalizer Version: 2.01.10-32 Severity: normal Hi,
on a amd64 machine with a Debian etch i386, I had the problem that in the generated statistic for the “top 30 IP addresses sorted by kB F” (and some others) the fields kB In and kB Out contained big numbers (more than 150 digits). This looked like an overflow, but I found a bug in the creation of the database file webalizer.current. The values of ixfer and oxfer were written to a position other than the parser tried to read them from. IMO this caused the variable left uninitialized and there the big numbers came from. I've created a patch to correct this. Bye, Jörg.
From 40f027f477273a2dc1f33b21c4493b8eedabc31d Mon Sep 17 00:00:00 2001 Message-Id: <40f027f477273a2dc1f33b21c4493b8eedabc31d.1259165262.git.joerg.som...@ateo.de> In-Reply-To: <ecff2b0815768dc2b1897390adc3e9e68a0c5689.1259165261.git.joerg.som...@ateo.de> References: <ecff2b0815768dc2b1897390adc3e9e68a0c5689.1259165261.git.joerg.som...@ateo.de> From: =?utf-8?q?J=C3=B6rg=20Sommer?= <jo...@alea.gnuu.de> Date: Wed, 25 Nov 2009 14:10:35 +0100 Subject: [PATCH] apache logio patch: Fix position of [io]xfer record in database MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit The expression used to parse the site records in the database is: /* load temporary node data */ sscanf(buffer,"%d %lld %lld %lf %lld %lld %lf %lf", &t_hnode.flag,&t_hnode.count, &t_hnode.files, &t_hnode.xfer, &t_hnode.visit, &t_hnode.tstamp, &t_hnode.ixfer, &t_hnode.oxfer); The values of ixfer and oxfer are read from the same line as all other numbers and not from the line with the last URL. But the expression that writes this record was: sprintf(buffer,"%s\n%d %lld %lld %.0f %lld %lld\n%s %.0f %.0f\n", … (hptr->lasturl==blank_str)?"-":hptr->lasturl, hptr->ixfer, hptr->oxfer); The ixfer and oxfer records were written to the line with the lasturl. So the sscanf expression failed to initialize the variable ixfer and oxfer and the lasturl contained junk. Because I think the last URL should stay alone in a line, I've updated the sprintf expression and not the parser. --- debian/patches/05_apache_logio.dpatch | 20 ++++++++------------ debian/patches/11_various_buffer_overflows.dpatch | 8 ++++---- 2 files changed, 12 insertions(+), 16 deletions(-) diff --git a/debian/patches/05_apache_logio.dpatch b/debian/patches/05_apache_logio.dpatch index 51e5fb2..bc3cf52 100644 --- a/debian/patches/05_apache_logio.dpatch +++ b/debian/patches/05_apache_logio.dpatch @@ -2731,41 +2731,37 @@ diff -urNad webalizer-2.01.10~/preserve.c webalizer-2.01.10/preserve.c while (hptr!=NULL) { - sprintf(buffer,"%s\n%d %lld %lld %.0f %lld %lld\n%s\n", -+ sprintf(buffer,"%s\n%d %lld %lld %.0f %lld %lld\n%s %.0f %.0f\n", ++ sprintf(buffer,"%s\n%d %lld %lld %.0f %lld %lld %.0f %.0f\n%s\n", hptr->string, hptr->flag, hptr->count, -@@ -280,7 +288,9 @@ +@@ -280,6 +288,8 @@ hptr->xfer, hptr->visit, hptr->tstamp, -- (hptr->lasturl==blank_str)?"-":hptr->lasturl); -+ (hptr->lasturl==blank_str)?"-":hptr->lasturl, + hptr->ixfer, -+ hptr->oxfer); ++ hptr->oxfer, + (hptr->lasturl==blank_str)?"-":hptr->lasturl); if (fputs(buffer,fp)==EOF) return 1; /* error exit */ hptr=hptr->next; - } @@ -294,7 +304,7 @@ hptr=sd_htab[i]; while (hptr!=NULL) { - sprintf(buffer,"%s\n%d %lld %lld %.0f %lld %lld\n%s\n", -+ sprintf(buffer,"%s\n%d %lld %lld %.0f %lld %lld\n%s %.0f %.0f\n", ++ sprintf(buffer,"%s\n%d %lld %lld %.0f %lld %lld %.0f %.0f\n%s\n", hptr->string, hptr->flag, hptr->count, -@@ -302,7 +312,9 @@ +@@ -302,6 +312,8 @@ hptr->xfer, hptr->visit, hptr->tstamp, -- (hptr->lasturl==blank_str)?"-":hptr->lasturl); -+ (hptr->lasturl==blank_str)?"-":hptr->lasturl, + hptr->ixfer, -+ hptr->oxfer); ++ hptr->oxfer, + (hptr->lasturl==blank_str)?"-":hptr->lasturl); if (fputs(buffer,fp)==EOF) return 1; hptr=hptr->next; - } @@ -367,14 +379,16 @@ iptr=im_htab[i]; while (iptr!=NULL) diff --git a/debian/patches/11_various_buffer_overflows.dpatch b/debian/patches/11_various_buffer_overflows.dpatch index 470a4d7..eab46da 100644 --- a/debian/patches/11_various_buffer_overflows.dpatch +++ b/debian/patches/11_various_buffer_overflows.dpatch @@ -424,8 +424,8 @@ diff -urNad webalizer-2.01.10~/preserve.c webalizer-2.01.10/preserve.c hptr=sm_htab[i]; while (hptr!=NULL) { -- sprintf(buffer,"%s\n%d %lld %lld %.0f %lld %lld\n%s %.0f %.0f\n", -+ snprintf(buffer,sizeof(buffer),"%s\n%d %lld %lld %.0f %lld %lld\n%s %.0f %.0f\n", +- sprintf(buffer,"%s\n%d %lld %lld %.0f %lld %lld %.0f %.0f\n%s\n", ++ snprintf(buffer,sizeof(buffer),"%s\n%d %lld %lld %.0f %lld %lld %.0f %.0f\n%s\n", hptr->string, hptr->flag, hptr->count, @@ -433,8 +433,8 @@ diff -urNad webalizer-2.01.10~/preserve.c webalizer-2.01.10/preserve.c hptr=sd_htab[i]; while (hptr!=NULL) { -- sprintf(buffer,"%s\n%d %lld %lld %.0f %lld %lld\n%s %.0f %.0f\n", -+ snprintf(buffer,sizeof(buffer),"%s\n%d %lld %lld %.0f %lld %lld\n%s %.0f %.0f\n", +- sprintf(buffer,"%s\n%d %lld %lld %.0f %lld %lld %.0f %.0f\n%s\n", ++ snprintf(buffer,sizeof(buffer),"%s\n%d %lld %lld %.0f %lld %lld %.0f %.0f\n%s\n", hptr->string, hptr->flag, hptr->count, -- 1.6.3.3
signature.asc
Description: Digital signature http://en.wikipedia.org/wiki/OpenPGP