On Thu, 2009-07-30 at 10:29 +0000, Carlo Marcelo Arenas Belon wrote:
> On Wed, Jul 29, 2009 at 03:42:05PM -0400, Jason A. Smith wrote:
> > 
> > In gmond, the monitor-core/libmetrics/linux/metrics.c:find_disk_space()
> > function was not only using small character arrays, but the arrays for
> > the sscanf after the fgets were smaller than the array for the line it
> > just read in, which can lead to buffer overflows and the "stack
> > smashing" problem that we were having.
> 
> using fixed size arrays in the stack is never a good idea.
> in this case it could be theoretically possible to exploit this overflow
> with the help of a malicious NFS server (very unlikely though).
> 
> > To fix our problem and prevent the overflows, I made a patch to increase
> > the size of the arrays and also make each of the arrays used in the
> > sscanf the same size as the line buffer used in fgets, so there is no
> > chance of another overflow.
> 
> committed for trunk in r2007, but the new implementation might also
> generate segfaults on its own due to stack overflows when running with
> very small stacks as it requires a bigger stack.
> 
> IMHO it would be better to migrate this function to use getmntent and
> friends as it was done already for Cygwin, Solaris and the BSD and that
> way avoid the use of local buffers and parsing of the /proc/mounts file
> directly.

Hi Carlo,

This is a good idea, I didn't think to check the libmetric code from the
other OSes.  Besides a few minor differences for the remote_mounts &
valid_mount_type functions and the seen_before part, the solaris & linux
code look almost identical.  Should the linux code be updated to look
more like the solaris code?  Too bad it isn't possible to merge similar
code instead of copying it.

~Jason


-- 
/------------------------------------------------------------------\
|  Jason A. Smith                          Email:  smit...@bnl.gov |
|  Atlas Computing Facility, Bldg. 510M    Phone: +1-631-344-4226  |
|  Brookhaven National Lab, P.O. Box 5000  Fax:   +1-631-344-7616  |
|  Upton, NY 11973-5000,  U.S.A.                                   |
\------------------------------------------------------------------/
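
The overflow class discussed in this thread (a line read with fgets, then split by sscanf into smaller arrays), shown as an added example that is not part of the original messages or of Ganglia's code. It bounds every conversion with a field width and rejects cut tokens and overlong lines, so the destination arrays can stay small; the struct, function names and buffer sizes are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sizes and names for this example, not Ganglia's. */
#define LINE_LEN 256
struct mount_fields { char device[64], mount[64], type[16], mode[32]; };

/* Parse one /proc/mounts-style line. Returns 0 on success, -1 if a field
 * is missing or would not fit its buffer. */
int parse_mount_line(const char *line, struct mount_fields *f)
{
    int e1, e2, e3, e4;
    /* Each width is sizeof(field) - 1, so sscanf cannot write past a
     * destination however long the input token is. */
    int n = sscanf(line, "%63s%n %63s%n %15s%n %31s%n", f->device, &e1,
                   f->mount, &e2, f->type, &e3, f->mode, &e4);
    if (n != 4)
        return -1;
    /* A width-limited %s stops mid-token on oversized input; if the byte
     * after a field is not whitespace or NUL, the field was cut: reject. */
    const int ends[4] = { e1, e2, e3, e4 };
    for (int i = 0; i < 4; i++)
        if (line[ends[i]] != '\0' && !isspace((unsigned char)line[ends[i]]))
            return -1;
    return 0;
}

/* Read a mounts-style stream; returns entries parsed, counts rejects. */
int count_mounts(FILE *fp, int *rejected)
{
    char line[LINE_LEN];
    struct mount_fields f;
    int ok = 0;
    *rejected = 0;
    while (fgets(line, sizeof line, fp)) {
        if (!strchr(line, '\n') && !feof(fp)) {
            /* Line longer than the buffer: drain it, never parse a fragment. */
            int c;
            while ((c = fgetc(fp)) != EOF && c != '\n')
                ;
            (*rejected)++;
        } else if (parse_mount_line(line, &f) == 0) {
            ok++;
        } else {
            (*rejected)++;
        }
    }
    return ok;
}
```
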

_______________________________________________
Ganglia-developers mailing list
Ganglia-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-developers