[sysmon-help] Frequently failing Sysmon ping tests...

Morgan Aldridge morgant at makkintosshu.com
Mon Aug 3 12:41:30 EDT 2009


On Mon, Aug 3, 2009 at 12:40 PM, Morgan Aldridge <morgant at makkintosshu.com> wrote:
>
> Could it have anything to do with 'buffer' having a length of 1024?
> None of the lines in the source of the page being requested appear to
> have even 255 chars, let alone 1024, but I haven't looked at
> getline_tcp() to see how it determines what one line is.

To continue my thinking out loud...

I took a peek at getline_tcp() in talktcp.c and have a question about
the following part of it:

   strncat(buffer, &buf, 1);
   if (strlen(buffer) > 200)
   {
       return 0;
   }

Shouldn't that conditional statement be something more like the following?

   if (strlen(buffer) >= sizeof(buffer))

I ask this because the buffer that service_test_www() (from http.c)
sends to getline_tcp() is an array of 1024 characters, so isn't
getline_tcp() returning if the length of the string stored in the
buffer exceeds 200 characters, therefore only utilizing about 20% of
the buffer?

Granted, service_test_www() doesn't seem to check the length of buffer
before sending it to print_err() and I didn't immediately see anything
else in getline_tcp() that could cause the out-of-bounds read. Any
other tips so I can get debugging working properly and try to find the
main issue?

Morgan Aldridge
---
morgant at makkintosshu.com
http://www.makkintosshu.com/
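An added example (editor's illustration, not Sysmon's talktcp.c or http.c code) of the two points the message above circles around: a line reader that takes the destination size as an explicit parameter instead of a hard-coded 200, and why `sizeof(buffer)` cannot stand in for that size inside the reading function. In C a `char` array passed to a function arrives as a `char *` parameter, so `sizeof` inside getline_tcp() would report the pointer size, not the caller's 1024. The names `getline_bounded`, `fakesock`, `fake_recv_byte`, `open_sample` and the `demo_*` functions are hypothetical; the byte stream is a constructed in-memory stand-in for a socket so the block runs offline.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a connected socket: an in-memory byte stream. */
struct fakesock {
    const char *data;
    size_t len;
    size_t pos;
};

/* Hypothetical recv() replacement: one byte at a time, 0 at end of stream. */
static int fake_recv_byte(struct fakesock *s, char *out)
{
    if (s->pos >= s->len)
        return 0;
    *out = s->data[s->pos++];
    return 1;
}

/* Read one line (terminator '\n', optional '\r' stripped) into buffer.
 * bufsize is the real capacity, passed by the caller, so the check does
 * not depend on a constant like 200 or on sizeof() of a pointer.
 * Returns the line length, or -1 if the line would not fit; on -1 the
 * buffer holds a NUL-terminated prefix and the rest of the line is left
 * unread in the stream. Stream end without '\n' returns what was read. */
int getline_bounded(struct fakesock *s, char *buffer, size_t bufsize)
{
    size_t n = 0;
    char c;

    if (buffer == NULL || bufsize == 0)
        return -1;
    buffer[0] = '\0';
    while (fake_recv_byte(s, &c)) {
        if (c == '\n') {
            if (n > 0 && buffer[n - 1] == '\r')
                n--;                 /* CRLF -> drop the CR */
            buffer[n] = '\0';
            return (int)n;
        }
        if (n + 1 >= bufsize) {      /* no room for c plus the terminator */
            buffer[n] = '\0';
            return -1;
        }
        buffer[n++] = c;
    }
    buffer[n] = '\0';
    return (int)n;
}

/* Inside a callee the array has decayed to a pointer: this is the
 * pointer size (8 on LP64), not the caller's array size. */
size_t sizeof_of_pointer_param(char *buffer)
{
    return sizeof(buffer);
}

/* Only where the array is declared does sizeof give its capacity. */
size_t sizeof_of_callers_array(void)
{
    char buffer[1024];
    return sizeof(buffer);
}

/* Constructed sample: a short status line followed by a 300-byte line. */
#define LONG_LEN 300
static char sample_stream[64 + LONG_LEN];

static struct fakesock open_sample(void)
{
    const char *first = "HTTP/1.0 200 OK\r\n";
    size_t n = strlen(first);
    struct fakesock s;

    memcpy(sample_stream, first, n);
    memset(sample_stream + n, 'A', LONG_LEN);
    n += LONG_LEN;
    sample_stream[n++] = '\n';
    s.data = sample_stream;
    s.len = n;
    s.pos = 0;
    return s;
}

/* First line into a 1024-byte buffer: "HTTP/1.0 200 OK" is 15 bytes. */
int demo_first_line(void)
{
    char buffer[1024];
    struct fakesock s = open_sample();
    return getline_bounded(&s, buffer, sizeof(buffer));
}

/* The 300-byte second line fits in 1024 bytes: returns 300. */
int demo_long_line_fits(void)
{
    char buffer[1024];
    struct fakesock s = open_sample();
    getline_bounded(&s, buffer, sizeof(buffer));
    return getline_bounded(&s, buffer, sizeof(buffer));
}

/* Same line into 201 bytes (200 chars plus NUL): does not fit, returns -1. */
int demo_long_line_truncated(void)
{
    char buffer[201];
    struct fakesock s = open_sample();
    getline_bounded(&s, buffer, sizeof(buffer));
    return getline_bounded(&s, buffer, sizeof(buffer));
}

int main(void)
{
    printf("first line: %d\n", demo_first_line());
    printf("long line, 1024-byte buffer: %d\n", demo_long_line_fits());
    printf("long line, 201-byte buffer: %d\n", demo_long_line_truncated());
    printf("sizeof in callee: %zu, at declaration: %zu\n",
           sizeof_of_pointer_param(sample_stream), sizeof_of_callers_array());
    return 0;
}
```

The caller decides what to do with -1 (drain the rest of the line, or fail the check); the point is that the reader never writes past `bufsize` and never relies on a limit that the caller cannot see.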

