Module: check_mk
Branch: master
Commit: a2677e45e0883a8b91df64dc1975a4668e3e43e7
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a2677e45e0883a…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Jun 30 10:33:08 2015 +0200
#2388 SEC Fixed reflected XSS on the index page using the start_url parameter
---
.werks/2388 | 9 +++++++++
ChangeLog | 1 +
web/htdocs/main.py | 11 ++++++++---
3 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/.werks/2388 b/.werks/2388
new file mode 100644
index 0000000..1df911a
--- /dev/null
+++ b/.werks/2388
@@ -0,0 +1,9 @@
+Title: Fixed reflected XSS on the index page using the start_url parameter
+Level: 1
+Component: multisite
+Class: security
+Compatible: compat
+State: unknown
+Version: 1.2.7i3
+Date: 1435653074
+
diff --git a/ChangeLog b/ChangeLog
index 06d8cda..ec8b852 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,7 @@
Multisite:
* 2385 SEC: Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions...
* 2387 SEC: Fixed XSS problem on all pages using confirm dialogs outputting user provided parameters...
+ * 2388 SEC: Fixed reflected XSS on the index page using the start_url parameter
* 2314 FIX: Availability: fixed exception when grouping by host or service group
* 2361 FIX: Fix exception for missing key 'title' in certain cases of older customized views
* 2379 FIX: Plugin-Output: Fixed handling of URLs within output of check_http...
diff --git a/web/htdocs/main.py b/web/htdocs/main.py
index 6c9d161..a89ad03 100644
--- a/web/htdocs/main.py
+++ b/web/htdocs/main.py
@@ -28,12 +28,17 @@ import defaults, config
def page_index():
default_start_url = config.user.get("start_url") or config.start_url
- start_url = html.var("start_url", default_start_url)
+ start_url = html.var("start_url", default_start_url).strip()
+
# Prevent redirecting to absolute URL which could be used to redirect
- # users to compromised pages
+ # users to compromised pages.
if '://' in start_url:
start_url = default_start_url
+ # Also prevent using of "javascript:" URLs which could used to inject code
+ if start_url.startswith('javascript:'):
+ start_url = default_start_url
+
# Do not cache the index page -> caching problems when page is accessed
# while not logged in
#html.req.headers_out.add("Cache-Control", "max-age=7200, public");
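Review bot: The two checks on `start_url` form a denylist, and the `javascript:` test is case-sensitive, so a differently cased scheme, another script-capable scheme, or a scheme-relative `//host` value (which contains no `://`) would still reach the frame `src`. As a minimum, compare against `start_url.lower()`. An allowlist would be more robust: accept only values that match a strict pattern for site-relative pages and fall back to `default_start_url` otherwise, for example `if not re.match(r'^[A-Za-z0-9_][A-Za-z0-9_./-]*\.py(\?.*)?$', start_url): start_url = default_start_url`. That pattern assumes start pages are always relative `*.py` URLs, and `re` would have to be imported, which this hunk does not show. The `attrencode()` call added in the next hunk prevents attribute breakout but does not constrain the URL scheme. `page_index` continues past the end of this hunk.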
@@ -55,7 +60,7 @@ def page_index():
<frame src="%s" name="main" noresize>
</frameset>
</html>
-""" % (heading, start_url))
+""" % (html.attrencode(heading), html.attrencode(start_url)))
# This function does almost nothing. It just makes sure that
# a livestatus-connection is built up, since connect_to_livestatus()
Module: check_mk
Branch: master
Commit: a62008f4321006832e526386216ea202d0bbc56e
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a62008f4321006…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Tue Jun 30 10:30:21 2015 +0200
#2370 FIX Fix computation of "in downtime" and "acknownledged" of hosts in BI aggregations
BI automatically aggregates downtimes and acknowledgements. But for host nodes in a
BI tree these two states had been swapped. This has been fixed.
---
.werks/2370 | 11 +++++++++++
ChangeLog | 1 +
web/htdocs/bi.py | 6 +++---
3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/.werks/2370 b/.werks/2370
new file mode 100644
index 0000000..7dc9060
--- /dev/null
+++ b/.werks/2370
@@ -0,0 +1,11 @@
+Title: Fix computation of "in downtime" and "acknownledged" of hosts in BI aggregations
+Level: 2
+Component: bi
+Class: fix
+Compatible: compat
+State: unknown
+Version: 1.2.7i3
+Date: 1435652878
+
+BI automatically aggregates downtimes and acknowledgements. But for host nodes in a
+BI tree these two states had been swapped. This has been fixed.
diff --git a/ChangeLog b/ChangeLog
index 71eddaf..06d8cda 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -46,6 +46,7 @@
BI:
* 2369 FIX: Fix exception in BI availability via table "Hostname Aggregations"
+ * 2370 FIX: Fix computation of "in downtime" and "acknownledged" of hosts in BI aggregations...
HW/SW-Inventory:
* 2367 FIX: win_system: Fixed exception when non-UTF-8 sequences are contained agent output
diff --git a/web/htdocs/bi.py b/web/htdocs/bi.py
index 5ad5398..4477107 100644
--- a/web/htdocs/bi.py
+++ b/web/htdocs/bi.py
@@ -1913,8 +1913,8 @@ def singlehost_table(columns, add_headers, only_sites, limit, filters, joinbynam
row["state"],
row["hard_state"],
row["plugin_output"],
- not not hostrow["acknowledged"],
hostrow["scheduled_downtime_depth"] > 0,
+ not not hostrow["acknowledged"],
hostrow["host_in_service_period"],
row["services_with_fullstate"] ]
if status_info == None:
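Review bot: The meaning of each position in these state lists is not documented at any of the three places where they are built (this hunk and the ones at -1925 and -1945), which is how the downtime and acknowledged entries could stay swapped unnoticed. Trailing comments would pin the order, e.g. `hostrow["scheduled_downtime_depth"] > 0, # in downtime` and `not not hostrow["acknowledged"], # acknowledged`. Building the list in one small helper that all three sites call would also keep the copies from drifting apart again. `singlehost_table` starts and ends outside the hunks, so the consumers of this ordering are not visible here.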
@@ -1925,8 +1925,8 @@ def singlehost_table(columns, add_headers, only_sites, limit, filters, joinbynam
hostrow["state"],
hostrow["hard_state"],
hostrow["plugin_output"],
- not not hostrow["acknowledged"],
hostrow["scheduled_downtime_depth"] > 0,
+ not not hostrow["acknowledged"],
hostrow["host_in_service_period"],
hostrow["services_with_fullstate"] ] }
@@ -1945,8 +1945,8 @@ def singlehost_table(columns, add_headers, only_sites, limit, filters, joinbynam
this_row['state'],
this_row['hard_state'],
this_row['plugin_output'],
- not not this_row["acknowledged"],
this_row["scheduled_downtime_depth"] > 0,
+ not not this_row["acknowledged"],
this_row["host_in_service_period"],
this_row['services_with_fullstate'],
]
Module: check_mk
Branch: master
Commit: 5012f460af181f9792419de59426082a77d0b16f
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=5012f460af181f…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Jun 30 10:19:55 2015 +0200
Updated werk text
---
.werks/2387 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.werks/2387 b/.werks/2387
index 834c9a7..dd0c0ab 100644
--- a/.werks/2387
+++ b/.werks/2387
@@ -9,4 +9,5 @@ Date: 1435652277
On some pages, like for example the host group management page of WATO, it was possible
to inject user provided HTML/Javascript code into the confirm messages. An attacker could
-use this to let an authenticated user open a prepared URL for privilege escalation.
+use this to let an authenticated user open a prepared URL for privilege escalation within
+the GUI.
Module: check_mk
Branch: master
Commit: 2b5ae1e98aa8cb4571d37c5d3150ce6f23161850
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=2b5ae1e98aa8cb…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Jun 30 10:19:36 2015 +0200
#2387 SEC Fixed XSS problem on all pages using confirm dialogs outputting user provided parameters
On some pages, like for example the host group management page of WATO, it was possible
to inject user provided HTML/Javascript code into the confirm messages. An attacker could
use this to let an authenticated user open a prepared URL for privilege escalation.
---
.werks/2387 | 12 ++++++++++++
ChangeLog | 1 +
web/htdocs/htmllib.py | 19 ++++++++++---------
3 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/.werks/2387 b/.werks/2387
new file mode 100644
index 0000000..834c9a7
--- /dev/null
+++ b/.werks/2387
@@ -0,0 +1,12 @@
+Title: Fixed XSS problem on all pages using confirm dialogs outputting user provided parameters
+Level: 1
+Component: multisite
+Class: security
+Compatible: compat
+State: unknown
+Version: 1.2.7i3
+Date: 1435652277
+
+On some pages, like for example the host group management page of WATO, it was possible
+to inject user provided HTML/Javascript code into the confirm messages. An attacker could
+use this to let an authenticated user open a prepared URL for privilege escalation.
diff --git a/ChangeLog b/ChangeLog
index ac9b259..4d53de6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -25,6 +25,7 @@
Multisite:
* 2385 SEC: Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions...
+ * 2387 SEC: Fixed XSS problem on all pages using confirm dialogs outputting user provided parameters...
* 2314 FIX: Availability: fixed exception when grouping by host or service group
* 2361 FIX: Fix exception for missing key 'title' in certain cases of older customized views
* 2379 FIX: Plugin-Output: Fixed handling of URLs within output of check_http...
diff --git a/web/htdocs/htmllib.py b/web/htdocs/htmllib.py
index bb6dce3..d6ffbef 100644
--- a/web/htdocs/htmllib.py
+++ b/web/htdocs/htmllib.py
@@ -1071,13 +1071,7 @@ class html:
cls = 'error'
prefix = _('ERROR')
- # Only strip off some tags. We allow some simple tags like
- # <b>, <tt>, <i> to be part of the exception message. The tags
- # are escaped first and then fixed again after attrencode.
- msg = self.attrencode(obj)
- msg = re.sub(r'<(/?)(b|tt|i|br(?: /)?|pre|a|sup|p|li|ul|ol)>', r'<\1\2>', msg)
- # Also repair link definitions
- msg = re.sub(r'<a href="(.*)">', r'<a href="\1">', msg)
+ msg = self.permissive_attrencode(obj)
if self.output_format == "html":
if self.mobile:
@@ -1308,7 +1302,7 @@ class html:
if not self.has_var("_do_confirm"):
if self.mobile:
self.write('<center>')
- self.write("<div class=really>%s" % msg)
+ self.write("<div class=really>%s" % self.permissive_attrencode(msg))
self.begin_form("confirm", method=method, action=action, add_transid=add_transid)
self.hidden_fields(add_action_vars = True)
self.button("_do_confirm", _("Yes!"), "really")
@@ -1370,7 +1364,14 @@ class html:
def disable_keybindings(self):
self.keybindings_enabled = False
- # From here: Former not class functions
+ # Only strip off some tags. We allow some simple tags like
+ # <b>, <tt>, <i> to be part of the string. This is useful
+ # for messages where we still want to have formating options.
+ def permissive_attrencode(self, obj):
+ msg = self.attrencode(obj)
+ msg = re.sub(r'<(/?)(b|tt|i|br(?: /)?|pre|a|sup|p|li|ul|ol)>', r'<\1\2>', msg)
+ # Also repair link definitions
+ return re.sub(r'<a href="(.*)">', r'<a href="\1">', msg)
# Encode HTML attributes: replace " with ", also replace
# < and >. This code is slow. Works on str and unicode without
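Review bot: The link-repair substitution in `permissive_attrencode` restores any `href` value, and its greedy `(.*)` can stretch from the first anchor to the last closing quote in the message. The confirm dialog in the previous hunk now passes `msg` through this method, so if a message contains request-supplied text, an encoded anchor in that text comes back as a live link with an arbitrary scheme. Make the capture non-greedy and restrict it to an allowlist of schemes or site-relative targets, or leave `a` out of the permitted tags for messages that can carry user input. A comment on the method such as `# Only use for messages whose markup is written by the GUI itself.` would make the contract explicit. As rendered on this page the patterns and their replacements look identical, presumably because entity references were decoded in transit, so the exact regexes should be checked against the repository.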
Module: check_mk
Branch: master
Commit: 2b4afd8f1b586fc27200c76c9fd0e241f134fde9
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=2b4afd8f1b586f…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Jun 30 10:02:24 2015 +0200
#2386 SEC Fixed possible XSS on WATO rule edit page
A possible XSS injection has been fixed on the rule edit page of WATO. It was possible
to inject javascript code using the HTTP parameters the page is processing.
---
.werks/2386 | 11 +++++++++++
ChangeLog | 1 +
web/htdocs/wato.py | 2 +-
3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/.werks/2386 b/.werks/2386
new file mode 100644
index 0000000..2451307
--- /dev/null
+++ b/.werks/2386
@@ -0,0 +1,11 @@
+Title: Fixed possible XSS on WATO rule edit page
+Level: 1
+Component: wato
+Class: security
+Compatible: compat
+State: unknown
+Version: 1.2.7i3
+Date: 1435651254
+
+A possible XSS injection has been fixed on the rule edit page of WATO. It was possible
+to inject javascript code using the HTTP parameters the page is processing.
diff --git a/ChangeLog b/ChangeLog
index 4a79c70..ac9b259 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,7 @@
WATO:
* 2365 Removed old deprecated notification global options for plain emails...
* 2384 SEC: Prevent user passwords from being visible in webserver log on user creation...
+ * 2386 SEC: Fixed possible XSS on WATO rule edit page...
* 2344 FIX: Improved validation of selected rules when editing BI aggregations...
* 2346 FIX: Notifications: Fixed garbled page when switching on/off bulks/backlog/user rules
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 7565351..61dcdf3 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -14367,7 +14367,7 @@ def mode_edit_ruleset(phase):
if not rulespec:
text = html.var("service_description") or varname
- html.write("<div class=info>" + _("There are no rules availabe for %s.") % text + "</div>")
+ html.write("<div class=info>" + _("There are no rules availabe for %s.") % html.attrencode(text) + "</div>")
return
if not hostname:
Module: check_mk
Branch: master
Commit: 1932e4c5188469fdba9a770b6975c7908a905766
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=1932e4c5188469…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Jun 30 09:48:27 2015 +0200
#2385 SEC Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions
On pages where an authenticated user can trigger an exception which is then displayed
to the user as "Internal error" dialog with details about the exception, it was possible
for the user to inject javascript code which was executed in the context of the authenticated
user.
This has been fixed: injected javascript/html code is now escaped correctly.
---
.werks/2385 | 15 +++++++++++++++
ChangeLog | 1 +
web/htdocs/htmllib.py | 2 +-
web/htdocs/wato.py | 4 ++--
4 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/.werks/2385 b/.werks/2385
new file mode 100644
index 0000000..cb43377
--- /dev/null
+++ b/.werks/2385
@@ -0,0 +1,15 @@
+Title: Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions
+Level: 1
+Component: multisite
+Class: security
+Compatible: compat
+State: unknown
+Version: 1.2.7i3
+Date: 1435650306
+
+On pages where an authenticated user can trigger an exception which is then displayed
+to the user as "Internal error" dialog with details about the exception, it was possible
+for the user to inject javascript code which was executed in the context of the authenticated
+user.
+
+This has been fixed that javascript/html code which is injected is being escaped correctly.
diff --git a/ChangeLog b/ChangeLog
index 60ecfc5..4a79c70 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,7 @@
* 2318 FIX: windows agent: no longer crashes when a cached plugin has several hundred sections...
Multisite:
+ * 2385 SEC: Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions...
* 2314 FIX: Availability: fixed exception when grouping by host or service group
* 2361 FIX: Fix exception for missing key 'title' in certain cases of older customized views
* 2379 FIX: Plugin-Output: Fixed handling of URLs within output of check_http...
diff --git a/web/htdocs/htmllib.py b/web/htdocs/htmllib.py
index 958bc6a..bb6dce3 100644
--- a/web/htdocs/htmllib.py
+++ b/web/htdocs/htmllib.py
@@ -1048,7 +1048,7 @@ class html:
self.begin_foldable_container("html", "exc_details", False, _("Details"))
self.write('<div class=log_output>')
- self.write("<pre>%s</pre>" % details)
+ self.write("<pre>%s</pre>" % self.attrencode(details))
self.write('</div>')
self.end_foldable_container()
self.write("</div>")
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 37e08ee..7565351 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -3793,7 +3793,7 @@ def mode_bulk_inventory(phase):
else:
msg = _("Error during inventory of %s<div class=exc>%s</div>") % (", ".join(hostnames), e)
if config.debug:
- msg += "<br><pre>%s</pre><br>" % format_exception().replace("\n", "<br>")
+ msg += "<br><pre>%s</pre><br>" % html.attrencode(format_exception().replace("\n", "<br>"))
result += msg
html.write(result)
return ""
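Review bot: In `mode_bulk_inventory` and in `mode_parentscan` (hunk at -4230) the newline-to-`<br>` replacement runs before `html.attrencode()`, so the inserted `<br>` tags are encoded too and will be displayed as literal text. Line breaks are preserved inside `<pre>` anyway, so `msg += "<br><pre>%s</pre><br>" % html.attrencode(format_exception())` is sufficient. The exception text `e` and the host names on the line above are still formatted into `msg` unencoded, and that path does not depend on `config.debug`. If either can carry request-controlled text, they need the same treatment, e.g. `html.attrencode("%s" % e)`, assuming `attrencode` takes a plain string. Both functions start and end outside the hunks.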
@@ -4230,7 +4230,7 @@ def mode_parentscan(phase):
else:
msg = _("Error during parent scan of %s: %s") % (hostname, e)
if config.debug:
- msg += "<br><pre>%s</pre>" % format_exception().replace("\n", "<br>")
+ msg += "<br><pre>%s</pre>" % html.attrencode(format_exception().replace("\n", "<br>"))
result += msg + "\n<br>"
html.write(result)
return ""
Module: check_mk
Branch: master
Commit: a328b1099f8cca6ef7c33e98fabb061b1d2cfb2b
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a328b1099f8cca…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Jun 30 09:32:02 2015 +0200
#2384 SEC Prevent user passwords from being visible in webserver log on user creation
When a user is created using WATO, the set values of the form fields were logged
directly into the webserver access log, because the form of this page used the
GET request method. Users which have access to the log files would be able to
see the initial passwords. If you use an older version of Check_MK it is a good
idea to set the "Change password at next login or access" to force the user
to change his password on first login.
We changed this form to perform a POST request now, to prevent this information
from being written to the logs.
---
.werks/2384 | 18 ++++++++++++++++++
ChangeLog | 1 +
web/htdocs/wato.py | 4 ++--
3 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/.werks/2384 b/.werks/2384
new file mode 100644
index 0000000..4ca6dbe
--- /dev/null
+++ b/.werks/2384
@@ -0,0 +1,18 @@
+Title: Prevent user passwords from being visible in webserver log on user creation
+Level: 1
+Component: wato
+Class: security
+Compatible: compat
+State: unknown
+Version: 1.2.7i3
+Date: 1435649205
+
+When a user is created using WATO, the set values of the form fields were logged
+directly into the webserver access log, because the form of this page used the
+GET request method. Users which have access to the log files would be able to
+see the initial passwords. If you use an older version of Check_MK it is a good
+idea to set the "Change password at next login or access" to force the user
+to change his password on first login.
+
+We changed this form to perform a POST request now to prevent these information
+being written to the logs.
diff --git a/ChangeLog b/ChangeLog
index 62e420b..60ecfc5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -31,6 +31,7 @@
WATO:
* 2365 Removed old deprecated notification global options for plain emails...
+ * 2384 SEC: Prevent user passwords from being visible in webserver log on user creation...
* 2344 FIX: Improved validation of selected rules when editing BI aggregations...
* 2346 FIX: Notifications: Fixed garbled page when switching on/off bulks/backlog/user rules
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index ac18fe1..37e08ee 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -11924,7 +11924,7 @@ def mode_users(phase):
clone_url = make_link([("mode", "edit_user"), ("clone", id)])
html.icon_button(clone_url, _("Create a copy of this user"), "clone")
- delete_url = html.makeactionuri([("_delete", id)])
+ delete_url = make_action_link([("mode", "users"), ("_delete", id)])
html.icon_button(delete_url, _("Delete"), "delete")
notifications_url = make_link([("mode", "user_notifications"), ("user", id)])
@@ -12251,7 +12251,7 @@ def mode_edit_user(phase):
# Let exceptions from loading notification scripts happen now
load_notification_scripts()
- html.begin_form("user")
+ html.begin_form("user", method="POST")
forms.header(_("Identity"))
# ID
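Review bot: Only this one form is switched to POST, so any other form that carries a password or similar secret and calls `html.begin_form()` without `method=` would still put the value into the access log, if GET is the default as this change implies. Either audit the remaining callers that render password fields, or make POST the default in `begin_form` and opt in to GET where a bookmarkable URL is wanted. A short comment above the call, `# POST: keeps the initial password out of the webserver access log`, would stop the argument from being dropped in a later cleanup. `mode_edit_user` continues outside the hunk.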
Module: check_mk
Branch: master
Commit: 7bf295c0f362566c7c096b91a82b684763ce7673
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7bf295c0f36256…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Mon Jun 29 17:00:11 2015 +0200
#2318 FIX windows agent: no longer crashes when a cached plugin has several hundred sections
The windows agent crashed when a single cached plugin reported several hundred sections.
Cached plugins need to be postprocessed, which requires additional heap buffer.
The extra heap buffer was set to a too small value. This has been fixed.
Conflicts:
ChangeLog
agents/windows/check_mk_agent-64.exe
agents/windows/check_mk_agent-64.unversioned.exe
agents/windows/check_mk_agent.exe
agents/windows/check_mk_agent.msi
agents/windows/check_mk_agent.unversioned.exe
agents/windows/install_agent-64.exe
agents/windows/install_agent.exe
---
.werks/2318 | 12 ++++++++++++
ChangeLog | 1 +
agents/windows/check_mk_agent-64.exe | Bin 302080 -> 302080 bytes
agents/windows/check_mk_agent-64.unversioned.exe | Bin 302080 -> 302080 bytes
agents/windows/check_mk_agent.cc | 5 ++++-
agents/windows/check_mk_agent.exe | Bin 183808 -> 183808 bytes
agents/windows/check_mk_agent.msi | Bin 734720 -> 734720 bytes
agents/windows/check_mk_agent.unversioned.exe | Bin 183808 -> 183808 bytes
agents/windows/install_agent-64.exe | Bin 179043 -> 179044 bytes
agents/windows/install_agent.exe | Bin 160001 -> 160003 bytes
10 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/.werks/2318 b/.werks/2318
new file mode 100644
index 0000000..9f3ae76
--- /dev/null
+++ b/.werks/2318
@@ -0,0 +1,12 @@
+Title: windows agent: no longer crashes when a cached plugin has several hundred sections
+Level: 1
+Component: checks
+Class: fix
+Compatible: compat
+State: unknown
+Version: 1.2.7i3
+Date: 1435589516
+
+The windows agent crashed when a single cached plugin reported several hundred sections.
+Cached plugins needs to be postprocessed, which requires additional heap buffer.
+The extra heap buffer was set to a too small value. This has been fixed.
diff --git a/ChangeLog b/ChangeLog
index b53fbe5..62e420b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -21,6 +21,7 @@
* 2382 FIX: mssql_backup: Formating age output more human friendly
* 2383 FIX: FreeBSD Agent: Fixed handling <<<ps>>> section when jailed
* 2368 FIX: ucd_cpu_load: fix exception in case of dump SNMP agent sending 12,540000 instead of 12.540000
+ * 2318 FIX: windows agent: no longer crashes when a cached plugin has several hundred sections...
Multisite:
* 2314 FIX: Availability: fixed exception when grouping by host or service group
diff --git a/agents/windows/check_mk_agent-64.exe b/agents/windows/check_mk_agent-64.exe
index 9ab768b..666b0f4 100755
Binary files a/agents/windows/check_mk_agent-64.exe and b/agents/windows/check_mk_agent-64.exe differ
diff --git a/agents/windows/check_mk_agent-64.unversioned.exe b/agents/windows/check_mk_agent-64.unversioned.exe
index 85549ab..3ca66e0 100755
Binary files a/agents/windows/check_mk_agent-64.unversioned.exe and b/agents/windows/check_mk_agent-64.unversioned.exe differ
diff --git a/agents/windows/check_mk_agent.cc b/agents/windows/check_mk_agent.cc
index 9a9653f..1c2cd52 100644
--- a/agents/windows/check_mk_agent.cc
+++ b/agents/windows/check_mk_agent.cc
@@ -3107,8 +3107,11 @@ void output_external_programs(SOCKET &out, script_type type)
// We need to parse each line and replace any <<<section>>> with <<<section:cached(123455678,3600)>>>
// Allocate new buffer, process/modify each line of the original buffer and write it into the new buffer
+ // We increase this new buffer by a good amount, because there might be several hundred
+ // sections (e.g. veeam_backup status piggyback) within this plugin output.
+ // TODO: Maybe add a dry run mode. Count the number of section lines and reserve a fitting extra heap
int buffer_heap_size = HeapSize(GetProcessHeap(), 0, cont->buffer_work);
- char *cache_buffer = (char*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, buffer_heap_size + 1024);
+ char *cache_buffer = (char*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, buffer_heap_size + 262144);
int cache_buffer_offset = 0;
char *line = strtok(cont->buffer_work, "\n");
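Review bot: Raising the slack from 1024 to 262144 bytes moves the limit but does not remove it: the rewritten output grows with every `<<<section>>>` header, so a plugin that emits enough sections can still write past the end of `cache_buffer`, as the added TODO acknowledges. The copy loop is outside this hunk, but it should either size the buffer from a count of section lines taken before `strtok` modifies `buffer_work`, or check `cache_buffer_offset` plus the length about to be written against the allocated size and stop when it would not fit. The `HeapAlloc` result is also used without a check here; `if (cache_buffer == NULL) return;` (or the function's usual error path) is needed before the first write. `HeapSize` returns `(SIZE_T)-1` on failure, and storing that in an `int` and adding the slack hides the failure behind a small positive size.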
diff --git a/agents/windows/check_mk_agent.exe b/agents/windows/check_mk_agent.exe
index ab87943..eedb2d9 100755
Binary files a/agents/windows/check_mk_agent.exe and b/agents/windows/check_mk_agent.exe differ
diff --git a/agents/windows/check_mk_agent.msi b/agents/windows/check_mk_agent.msi
index 971b791..3db52a5 100755
Binary files a/agents/windows/check_mk_agent.msi and b/agents/windows/check_mk_agent.msi differ
diff --git a/agents/windows/check_mk_agent.unversioned.exe b/agents/windows/check_mk_agent.unversioned.exe
index 5bba86d..0573dc3 100755
Binary files a/agents/windows/check_mk_agent.unversioned.exe and b/agents/windows/check_mk_agent.unversioned.exe differ
diff --git a/agents/windows/install_agent-64.exe b/agents/windows/install_agent-64.exe
index 0159fcf..7ef306c 100755
Binary files a/agents/windows/install_agent-64.exe and b/agents/windows/install_agent-64.exe differ
diff --git a/agents/windows/install_agent.exe b/agents/windows/install_agent.exe
index 4fcb964..1c31b2d 100755
Binary files a/agents/windows/install_agent.exe and b/agents/windows/install_agent.exe differ