New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Receive the whole IP string to avoid the truncation of the last digit #3615
Conversation
I am missing the memory tests. |
I've found an invalid write when applying this change. This is why we are allocating a size of 16 for wazuh/src/client-agent/notify.c Line 138 in 170da17
If we set the same size when calling wazuh/src/client-agent/notify.c Line 146 in 170da17
At Line 470 in 170da17
That's causing the following invalid write:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Comments at the PR conversation.
More desired changes:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
OS_RecvUnix(int socket, char *buffer, int buffer_size)
reads up to buffer_size - 1
bytes, and it terminates the string.
Edit
OS_RecvUnix(int socket, char *buffer, int buffer_size)
- First terminates the string, assuming that
buffer
allocatesbuffer_size + 1
bytes. - Reads up to
buffer_size - 1
. - Terminates the resulting string.
So, if an IP occupies IPSIZE - 1
bytes, we must allocate IPSIZE + 1
bytes and pass IPSIZE
to OS_RecvUnix()
:
char buffer[IPSIZE + 1];
OS_RecvUnix(sock, buffer, IPSIZE);
This way, buffer
will be terminated twice.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Description
When the agent IP had the maximum length, 15, the last digit was truncated because it was being replaced with
\0
. This PR changes the number of characters received to receive the\0
from the socket too and avoid the truncation.The field
agent_ip
of the agent-info was truncated before:After the change, the IP field contains the whole IP
Tests
XXX.XXX.XXX.XXX
Memory Test of
ossec-agentd