[sysmon-help] Frequently failing Sysmon ping tests...

Morgan Aldridge morgant at makkintosshu.com
Mon Aug 3 16:44:24 EDT 2009

On Mon, Aug 3, 2009 at 1:43 PM, Daniel J. Luke <dluke at geeklair.net> wrote:
> On Aug 3, 2009, at 12:38 PM, Morgan Aldridge wrote:
>> Shouldn't that conditional statement be something more like the following?
>>   if (strlen(buffer) >= sizeof(buffer))
> well, it would be pretty bad if the size of the string in that buffer was
> bigger than the buffer ;-)

Haha, very true! :D

>> I ask this because the buffer that service_test_www() (from http.c)
>> sends to getline_tcp() is an array of 1024 characters, so isn't
>> getline_tcp() returning if the length of the string stored in the
>> buffer exceeds 200 characters, therefore only utilizing about 20% of
>> the buffer?
> yeah, I think there's probably some history where the buffers everywhere
> used to be ~ 256 characters long and jared must have gone and bumped some
> (but not all of them) to 1024

That was my assumption.

> just wasting memory shouldn't cause the crash, though.

For sure.

>> Granted, service_test_www() doesn't seem to check the length of buffer
>> before sending it to print_err() and I didn't immediately see anything
>> else in getline_tcp() that could cause the out-of-bounds read. Any
>> other tips so I can get debugging working properly and try to find the
>> main issue?
> If I were ambitious, I would try to get you to build a minimal config that
> exhibits the issue and get you to send it to me (or jared) so we could just
> track down the problem.

I'll definitely see what I can do in that department.

> I've been meaning to try out valgrind now that it supposedly works on Mac OS
> X - and it might be helpful in this case.
> Otherwise, there's always gdb (or even just adding a bunch of extra
> logging)...

I haven't used gdb in a long time, but I'll look up the documentation
and see how far I get.

Morgan Aldridge
morgant at makkintosshu.com
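
An added example, not sysmon's code and not code from this thread: a line reader that takes the buffer capacity from the caller, so a 1024-character array like the one service_test_www() passes is bounded by its real size rather than by a fixed 200-character limit. The names read_line_bounded and demo, and the pipe-fed sample line, are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not sysmon's getline_tcp): read one line from fd into
 * buf, which holds cap bytes. The caller passes cap because sizeof() on a
 * pointer parameter gives the pointer's size, not the size of the array. */
static long read_line_bounded(int fd, char *buf, size_t cap, int *truncated)
{
    size_t n = 0;
    ssize_t r;
    char c;
    *truncated = 0;
    if (cap == 0) return -1;
    while ((r = read(fd, &c, 1)) == 1 && c != '\n') {
        if (n + 1 < cap)
            buf[n++] = c;      /* one byte stays free for the terminator */
        else
            *truncated = 1;    /* drop the excess but drain the line */
    }
    buf[n] = '\0';
    return r < 0 ? -1 : (long)n;
}

/* Constructed input: line_len 'A' bytes plus '\n', written to a pipe and
 * read back into a buffer of which only cap bytes may be used. */
static long demo(size_t line_len, size_t cap, int *truncated)
{
    char line[512], buf[1024];
    long n = -1;
    int p[2];
    if (line_len + 1 > sizeof(line) || cap > sizeof(buf) || pipe(p) != 0)
        return -1;
    memset(line, 'A', line_len);
    line[line_len] = '\n';
    if (write(p[1], line, line_len + 1) == (ssize_t)(line_len + 1))
        n = read_line_bounded(p[0], buf, cap, truncated);
    close(p[0]);
    close(p[1]);
    return n;
}

int main(void)
{
    int t = 0;
    long n = demo(300, 16, &t);
    printf("stored=%ld truncated=%d\n", n, t);
    return 0;
}
```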
