Checkmk git commits June 2015

checkmk-commits@lists.checkmk.com

8 participants
227 discussions

Check_MK Git: check_mk: #2388 SEC Fixed reflected XSS on the index page using the start_url parameter

by Lars Michelsen

Module: check_mk Branch: master Commit: a2677e45e0883a8b91df64dc1975a4668e3e43e7 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a2677e45e0883a… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Jun 30 10:33:08 2015 +0200 #2388 SEC Fixed reflected XSS on the index page using the start_url parameter --- .werks/2388 | 9 +++++++++ ChangeLog | 1 + web/htdocs/main.py | 11 ++++++++--- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/.werks/2388 b/.werks/2388 new file mode 100644 index 0000000..1df911a --- /dev/null +++ b/.werks/2388 @@ -0,0 +1,9 @@ +Title: Fixed reflected XSS on the index page using the start_url parameter +Level: 1 +Component: multisite +Class: security +Compatible: compat +State: unknown +Version: 1.2.7i3 +Date: 1435653074 + diff --git a/ChangeLog b/ChangeLog index 06d8cda..ec8b852 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,7 @@ Multisite: * 2385 SEC: Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions... * 2387 SEC: Fixed XSS problem on all pages using confirm dialogs outputting user provided parameters... + * 2388 SEC: Fixed reflected XSS on the index page using the start_url parameter * 2314 FIX: Availability: fixed exception when grouping by host or service group * 2361 FIX: Fix exception for missing key 'title' in certain cases of older customized views * 2379 FIX: Plugin-Output: Fixed handling of URLs within output of check_http... diff --git a/web/htdocs/main.py b/web/htdocs/main.py index 6c9d161..a89ad03 100644 --- a/web/htdocs/main.py +++ b/web/htdocs/main.py @@ -28,12 +28,17 @@ import defaults, config def page_index(): default_start_url = config.user.get("start_url") or config.start_url - start_url = html.var("start_url", default_start_url) + start_url = html.var("start_url", default_start_url).strip() + # Prevent redirecting to absolute URL which could be used to redirect - # users to compromised pages + # users to compromised pages. if '://' in start_url: start_url = default_start_url + # Also prevent using of "javascript:" URLs which could used to inject code + if start_url.startswith('javascript:'): + start_url = default_start_url + # Do not cache the index page -> caching problems when page is accessed # while not logged in #html.req.headers_out.add("Cache-Control", "max-age=7200, public"); @@ -55,7 +60,7 @@ def page_index(): <frame src="%s" name="main" noresize> </frameset> </html> -""" % (heading, start_url)) +""" % (html.attrencode(heading), html.attrencode(start_url))) # This function does almost nothing. It just makes sure that # a livestatus-connection is built up, since connect_to_livestatus()

9 years, 3 months

Check_MK Git: check_mk: #2370 FIX Fix computation of "in downtime" and " acknownledged" of hosts in BI aggregations

by Mathias Kettner

Module: check_mk Branch: master Commit: a62008f4321006832e526386216ea202d0bbc56e URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a62008f4321006… Author: Mathias Kettner <mk(a)mathias-kettner.de> Date: Tue Jun 30 10:30:21 2015 +0200 #2370 FIX Fix computation of "in downtime" and "acknownledged" of hosts in BI aggregations BI automatically aggregates downtimes and acknowledgements. But for host nodes in a BI tree these two states had been swapped. This has been fixed. --- .werks/2370 | 11 +++++++++++ ChangeLog | 1 + web/htdocs/bi.py | 6 +++--- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/.werks/2370 b/.werks/2370 new file mode 100644 index 0000000..7dc9060 --- /dev/null +++ b/.werks/2370 @@ -0,0 +1,11 @@ +Title: Fix computation of "in downtime" and "acknownledged" of hosts in BI aggregations +Level: 2 +Component: bi +Class: fix +Compatible: compat +State: unknown +Version: 1.2.7i3 +Date: 1435652878 + +BI automatically aggregates downtimes and acknowledgements. But for host nodes in a +BI tree these two states had been swapped. This has been fixed. diff --git a/ChangeLog b/ChangeLog index 71eddaf..06d8cda 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,7 @@ BI: * 2369 FIX: Fix exception in BI availability via table "Hostname Aggregations" + * 2370 FIX: Fix computation of "in downtime" and "acknownledged" of hosts in BI aggregations... HW/SW-Inventory: * 2367 FIX: win_system: Fixed exception when non-UTF-8 sequences are contained agent output diff --git a/web/htdocs/bi.py b/web/htdocs/bi.py index 5ad5398..4477107 100644 --- a/web/htdocs/bi.py +++ b/web/htdocs/bi.py @@ -1913,8 +1913,8 @@ def singlehost_table(columns, add_headers, only_sites, limit, filters, joinbynam row["state"], row["hard_state"], row["plugin_output"], - not not hostrow["acknowledged"], hostrow["scheduled_downtime_depth"] > 0, + not not hostrow["acknowledged"], hostrow["host_in_service_period"], row["services_with_fullstate"] ] if status_info == None: @@ -1925,8 +1925,8 @@ def singlehost_table(columns, add_headers, only_sites, limit, filters, joinbynam hostrow["state"], hostrow["hard_state"], hostrow["plugin_output"], - not not hostrow["acknowledged"], hostrow["scheduled_downtime_depth"] > 0, + not not hostrow["acknowledged"], hostrow["host_in_service_period"], hostrow["services_with_fullstate"] ] } @@ -1945,8 +1945,8 @@ def singlehost_table(columns, add_headers, only_sites, limit, filters, joinbynam this_row['state'], this_row['hard_state'], this_row['plugin_output'], - not not this_row["acknowledged"], this_row["scheduled_downtime_depth"] > 0, + not not this_row["acknowledged"], this_row["host_in_service_period"], this_row['services_with_fullstate'], ]

9 years, 3 months

Check_MK Git: check_mk: #2369 FIX Fix exception in BI availability via table " Hostname Aggregations"

by Mathias Kettner

Module: check_mk Branch: master Commit: 9d05bea391cc16e0b0316b2de5a61600f527c41e URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=9d05bea391cc16… Author: Mathias Kettner <mk(a)mathias-kettner.de> Date: Tue Jun 30 10:23:25 2015 +0200 #2369 FIX Fix exception in BI availability via table "Hostname Aggregations" --- .werks/2369 | 9 +++++++++ ChangeLog | 3 +++ web/htdocs/bi.py | 7 +++++-- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/.werks/2369 b/.werks/2369 new file mode 100644 index 0000000..3e5fd5a --- /dev/null +++ b/.werks/2369 @@ -0,0 +1,9 @@ +Title: Fix exception in BI availability via table "Hostname Aggregations" +Level: 2 +Component: bi +Compatible: compat +Version: 1.2.7i3 +Date: 1435652572 +Class: fix + + diff --git a/ChangeLog b/ChangeLog index b53fbe5..86f1768 100644 --- a/ChangeLog +++ b/ChangeLog @@ -39,6 +39,9 @@ * 2348 FIX: HTML-Mails: Added missing link to service descriptions * 2349 FIX: HTML-Mails: Fixed state colors in Outlook + BI: + * 2369 FIX: Fix exception in BI availability via table "Hostname Aggregations" + HW/SW-Inventory: * 2367 FIX: win_system: Fixed exception when non-UTF-8 sequences are contained agent output diff --git a/web/htdocs/bi.py b/web/htdocs/bi.py index 79784f5..5ad5398 100644 --- a/web/htdocs/bi.py +++ b/web/htdocs/bi.py @@ -1096,7 +1096,7 @@ def execute_leaf_node(node, status_info, use_hard_states): "in_downtime" : host_in_downtime, "acknowledged" : host_acknowledged, "in_service_period" : host_in_service_period, - } + } if state_assumption != None: assumed_state = { "state" : state_assumption, @@ -1104,7 +1104,7 @@ def execute_leaf_node(node, status_info, use_hard_states): "in_downtime" : host_in_downtime, "acknowledged" : host_acknowledged, "in_service_period" : host_in_service_period, - } + } else: assumed_state = None return (state, assumed_state, node) @@ -1915,6 +1915,7 @@ def singlehost_table(columns, add_headers, only_sites, limit, filters, joinbynam row["plugin_output"], not not hostrow["acknowledged"], hostrow["scheduled_downtime_depth"] > 0, + hostrow["host_in_service_period"], row["services_with_fullstate"] ] if status_info == None: break @@ -1926,6 +1927,7 @@ def singlehost_table(columns, add_headers, only_sites, limit, filters, joinbynam hostrow["plugin_output"], not not hostrow["acknowledged"], hostrow["scheduled_downtime_depth"] > 0, + hostrow["host_in_service_period"], hostrow["services_with_fullstate"] ] } for group, aggregation in aggrs: @@ -1945,6 +1947,7 @@ def singlehost_table(columns, add_headers, only_sites, limit, filters, joinbynam this_row['plugin_output'], not not this_row["acknowledged"], this_row["scheduled_downtime_depth"] > 0, + this_row["host_in_service_period"], this_row['services_with_fullstate'], ]

9 years, 3 months

Check_MK Git: check_mk: Updated werk text

by Lars Michelsen

Module: check_mk Branch: master Commit: 5012f460af181f9792419de59426082a77d0b16f URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=5012f460af181f… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Jun 30 10:19:55 2015 +0200 Updated werk text --- .werks/2387 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.werks/2387 b/.werks/2387 index 834c9a7..dd0c0ab 100644 --- a/.werks/2387 +++ b/.werks/2387 @@ -9,4 +9,5 @@ Date: 1435652277 On some pages, like for example the host group management page of WATO, it was possible to inject user provided HTML/Javascript code into the confirm messages. An attacker could -use this to let an authenticated user open a prepared URL for privilege escalation. +use this to let an authenticated user open a prepared URL for privilege escalation within +the GUI.

9 years, 3 months

Check_MK Git: check_mk: #2387 SEC Fixed XSS problem on all pages using confirm dialogs outputting user provided parameters

by Lars Michelsen

Module: check_mk Branch: master Commit: 2b5ae1e98aa8cb4571d37c5d3150ce6f23161850 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=2b5ae1e98aa8cb… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Jun 30 10:19:36 2015 +0200 #2387 SEC Fixed XSS problem on all pages using confirm dialogs outputting user provided parameters On some pages, like for example the host group management page of WATO, it was possible to inject user provided HTML/Javascript code into the confirm messages. An attacker could use this to let an authenticated user open a prepared URL for privilege escalation. --- .werks/2387 | 12 ++++++++++++ ChangeLog | 1 + web/htdocs/htmllib.py | 19 ++++++++++--------- 3 files changed, 23 insertions(+), 9 deletions(-) diff --git a/.werks/2387 b/.werks/2387 new file mode 100644 index 0000000..834c9a7 --- /dev/null +++ b/.werks/2387 @@ -0,0 +1,12 @@ +Title: Fixed XSS problem on all pages using confirm dialogs outputting user provided parameters +Level: 1 +Component: multisite +Class: security +Compatible: compat +State: unknown +Version: 1.2.7i3 +Date: 1435652277 + +On some pages, like for example the host group management page of WATO, it was possible +to inject user provided HTML/Javascript code into the confirm messages. An attacker could +use this to let an authenticated user open a prepared URL for privilege escalation. diff --git a/ChangeLog b/ChangeLog index ac9b259..4d53de6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,7 @@ Multisite: * 2385 SEC: Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions... + * 2387 SEC: Fixed XSS problem on all pages using confirm dialogs outputting user provided parameters... * 2314 FIX: Availability: fixed exception when grouping by host or service group * 2361 FIX: Fix exception for missing key 'title' in certain cases of older customized views * 2379 FIX: Plugin-Output: Fixed handling of URLs within output of check_http... diff --git a/web/htdocs/htmllib.py b/web/htdocs/htmllib.py index bb6dce3..d6ffbef 100644 --- a/web/htdocs/htmllib.py +++ b/web/htdocs/htmllib.py @@ -1071,13 +1071,7 @@ class html: cls = 'error' prefix = _('ERROR') - # Only strip off some tags. We allow some simple tags like - # <b>, <tt>, <i> to be part of the exception message. The tags - # are escaped first and then fixed again after attrencode. - msg = self.attrencode(obj) - msg = re.sub(r'<(/?)(b|tt|i|br(?: /)?|pre|a|sup|p|li|ul|ol)>', r'<\1\2>', msg) - # Also repair link definitions - msg = re.sub(r'<a href="(.*)">', r'<a href="\1">', msg) + msg = self.permissive_attrencode(obj) if self.output_format == "html": if self.mobile: @@ -1308,7 +1302,7 @@ class html: if not self.has_var("_do_confirm"): if self.mobile: self.write('<center>') - self.write("<div class=really>%s" % msg) + self.write("<div class=really>%s" % self.permissive_attrencode(msg)) self.begin_form("confirm", method=method, action=action, add_transid=add_transid) self.hidden_fields(add_action_vars = True) self.button("_do_confirm", _("Yes!"), "really") @@ -1370,7 +1364,14 @@ class html: def disable_keybindings(self): self.keybindings_enabled = False - # From here: Former not class functions + # Only strip off some tags. We allow some simple tags like + # <b>, <tt>, <i> to be part of the string. This is useful + # for messages where we still want to have formating options. + def permissive_attrencode(self, obj): + msg = self.attrencode(obj) + msg = re.sub(r'<(/?)(b|tt|i|br(?: /)?|pre|a|sup|p|li|ul|ol)>', r'<\1\2>', msg) + # Also repair link definitions + return re.sub(r'<a href="(.*)">', r'<a href="\1">', msg) # Encode HTML attributes: replace " with ", also replace # < and >. This code is slow. Works on str and unicode without

9 years, 3 months

Check_MK Git: check_mk: #2386 SEC Fixed possible XSS on WATO rule edit page

by Lars Michelsen

Module: check_mk Branch: master Commit: 2b4afd8f1b586fc27200c76c9fd0e241f134fde9 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=2b4afd8f1b586f… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Jun 30 10:02:24 2015 +0200 #2386 SEC Fixed possible XSS on WATO rule edit page A possible XSS injection has been fixed on the rule edit page of WATO. It was possible to inject javascript code using the HTTP parameters the page is processing. --- .werks/2386 | 11 +++++++++++ ChangeLog | 1 + web/htdocs/wato.py | 2 +- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/.werks/2386 b/.werks/2386 new file mode 100644 index 0000000..2451307 --- /dev/null +++ b/.werks/2386 @@ -0,0 +1,11 @@ +Title: Fixed possible XSS on WATO rule edit page +Level: 1 +Component: wato +Class: security +Compatible: compat +State: unknown +Version: 1.2.7i3 +Date: 1435651254 + +A possible XSS injection has been fixed on the rule edit page of WATO. It was possible +to inject javascript code using the HTTP parameters the page is processing. diff --git a/ChangeLog b/ChangeLog index 4a79c70..ac9b259 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,6 +33,7 @@ WATO: * 2365 Removed old deprecated notification global options for plain emails... * 2384 SEC: Prevent user passwords from being visible in webserver log on user creation... + * 2386 SEC: Fixed possible XSS on WATO rule edit page... * 2344 FIX: Improved validation of selected rules when editing BI aggregations... * 2346 FIX: Notifications: Fixed garbled page when switching on/off bulks/backlog/user rules diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index 7565351..61dcdf3 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -14367,7 +14367,7 @@ def mode_edit_ruleset(phase): if not rulespec: text = html.var("service_description") or varname - html.write("<div class=info>" + _("There are no rules availabe for %s.") % text + "</div>") + html.write("<div class=info>" + _("There are no rules availabe for %s.") % html.attrencode(text) + "</div>") return if not hostname:

9 years, 3 months

Check_MK Git: check_mk: #2385 SEC Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions

by Lars Michelsen

Module: check_mk Branch: master Commit: 1932e4c5188469fdba9a770b6975c7908a905766 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=1932e4c5188469… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Jun 30 09:48:27 2015 +0200 #2385 SEC Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions On pages where an authenticated user can trigger an exception which is then displayed to the user as "Internal error" dialog with details about the exception, it was possible for the user to inject javascript code which was executed in the context of the authenticated user. This has been fixed that javascript/html code which is injected is being escaped correctly. --- .werks/2385 | 15 +++++++++++++++ ChangeLog | 1 + web/htdocs/htmllib.py | 2 +- web/htdocs/wato.py | 4 ++-- 4 files changed, 19 insertions(+), 3 deletions(-) diff --git a/.werks/2385 b/.werks/2385 new file mode 100644 index 0000000..cb43377 --- /dev/null +++ b/.werks/2385 @@ -0,0 +1,15 @@ +Title: Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions +Level: 1 +Component: multisite +Class: security +Compatible: compat +State: unknown +Version: 1.2.7i3 +Date: 1435650306 + +On pages where an authenticated user can trigger an exception which is then displayed +to the user as "Internal error" dialog with details about the exception, it was possible +for the user to inject javascript code which was executed in the context of the authenticated +user. + +This has been fixed that javascript/html code which is injected is being escaped correctly. diff --git a/ChangeLog b/ChangeLog index 60ecfc5..4a79c70 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,6 +24,7 @@ * 2318 FIX: windows agent: no longer crashes when a cached plugin has several hundred sections... Multisite: + * 2385 SEC: Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions... * 2314 FIX: Availability: fixed exception when grouping by host or service group * 2361 FIX: Fix exception for missing key 'title' in certain cases of older customized views * 2379 FIX: Plugin-Output: Fixed handling of URLs within output of check_http... diff --git a/web/htdocs/htmllib.py b/web/htdocs/htmllib.py index 958bc6a..bb6dce3 100644 --- a/web/htdocs/htmllib.py +++ b/web/htdocs/htmllib.py @@ -1048,7 +1048,7 @@ class html: self.begin_foldable_container("html", "exc_details", False, _("Details")) self.write('<div class=log_output>') - self.write("<pre>%s</pre>" % details) + self.write("<pre>%s</pre>" % self.attrencode(details)) self.write('</div>') self.end_foldable_container() self.write("</div>") diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index 37e08ee..7565351 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -3793,7 +3793,7 @@ def mode_bulk_inventory(phase): else: msg = _("Error during inventory of %s<div class=exc>%s</div>") % (", ".join(hostnames), e) if config.debug: - msg += "<br><pre>%s</pre><br>" % format_exception().replace("\n", "<br>") + msg += "<br><pre>%s</pre><br>" % html.attrencode(format_exception().replace("\n", "<br>")) result += msg html.write(result) return "" @@ -4230,7 +4230,7 @@ def mode_parentscan(phase): else: msg = _("Error during parent scan of %s: %s") % (hostname, e) if config.debug: - msg += "<br><pre>%s</pre>" % format_exception().replace("\n", "<br>") + msg += "<br><pre>%s</pre>" % html.attrencode(format_exception().replace("\n", "<br>")) result += msg + "\n<br>" html.write(result) return ""

9 years, 3 months

Check_MK Git: check_mk: #2384 SEC Prevent user passwords from being visible in webserver log on user creation

by Lars Michelsen

Module: check_mk Branch: master Commit: a328b1099f8cca6ef7c33e98fabb061b1d2cfb2b URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a328b1099f8cca… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Jun 30 09:32:02 2015 +0200 #2384 SEC Prevent user passwords from being visible in webserver log on user creation When a user is created using WATO, the set values of the form fields were logged directly into the webserver access log, because the form of this page used the GET request method. Users which have access to the log files would be able to see the initial passwords. If you use an older version of Check_MK it is a good idea to set the "Change password at next login or access" to force the user to change his password on first login. We changed this form to perform a POST request now to prevent these information being written to the logs. --- .werks/2384 | 18 ++++++++++++++++++ ChangeLog | 1 + web/htdocs/wato.py | 4 ++-- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/.werks/2384 b/.werks/2384 new file mode 100644 index 0000000..4ca6dbe --- /dev/null +++ b/.werks/2384 @@ -0,0 +1,18 @@ +Title: Prevent user passwords from being visible in webserver log on user creation +Level: 1 +Component: wato +Class: security +Compatible: compat +State: unknown +Version: 1.2.7i3 +Date: 1435649205 + +When a user is created using WATO, the set values of the form fields were logged +directly into the webserver access log, because the form of this page used the +GET request method. Users which have access to the log files would be able to +see the initial passwords. If you use an older version of Check_MK it is a good +idea to set the "Change password at next login or access" to force the user +to change his password on first login. + +We changed this form to perform a POST request now to prevent these information +being written to the logs. diff --git a/ChangeLog b/ChangeLog index 62e420b..60ecfc5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,6 +31,7 @@ WATO: * 2365 Removed old deprecated notification global options for plain emails... + * 2384 SEC: Prevent user passwords from being visible in webserver log on user creation... * 2344 FIX: Improved validation of selected rules when editing BI aggregations... * 2346 FIX: Notifications: Fixed garbled page when switching on/off bulks/backlog/user rules diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index ac18fe1..37e08ee 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -11924,7 +11924,7 @@ def mode_users(phase): clone_url = make_link([("mode", "edit_user"), ("clone", id)]) html.icon_button(clone_url, _("Create a copy of this user"), "clone") - delete_url = html.makeactionuri([("_delete", id)]) + delete_url = make_action_link([("mode", "users"), ("_delete", id)]) html.icon_button(delete_url, _("Delete"), "delete") notifications_url = make_link([("mode", "user_notifications"), ("user", id)]) @@ -12251,7 +12251,7 @@ def mode_edit_user(phase): # Let exceptions from loading notification scripts happen now load_notification_scripts() - html.begin_form("user") + html.begin_form("user", method="POST") forms.header(_("Identity")) # ID

9 years, 3 months

Check_MK Git: check_mk: added missing files of werk 2318

by Andreas Boesl

Module: check_mk Branch: master Commit: 7a75919f7428b9e52861f2d3956e9607a57b2a70 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7a75919f7428b9… Author: Andreas Boesl <ab(a)mathias-kettner.de> Date: Mon Jun 29 17:01:39 2015 +0200 added missing files of werk 2318 --- agents/windows/build_version | 2 +- agents/windows/crash.exe | Bin 20024 -> 20024 bytes agents/windows/nowin.exe | Bin 22511 -> 22511 bytes 3 files changed, 1 insertion(+), 1 deletion(-) diff --git a/agents/windows/build_version b/agents/windows/build_version index 0f11735..ca55a6c 100644 --- a/agents/windows/build_version +++ b/agents/windows/build_version @@ -1 +1 @@ -196 +198 diff --git a/agents/windows/crash.exe b/agents/windows/crash.exe index 1ca41df..cc163af 100755 Binary files a/agents/windows/crash.exe and b/agents/windows/crash.exe differ diff --git a/agents/windows/nowin.exe b/agents/windows/nowin.exe index 5d2d67b..01e29c9 100755 Binary files a/agents/windows/nowin.exe and b/agents/windows/nowin.exe differ

9 years, 3 months

Check_MK Git: check_mk: #2318 FIX windows agent: no longer crashes when a cached plugin has several hundred sections

by Andreas Boesl

Module: check_mk Branch: master Commit: 7bf295c0f362566c7c096b91a82b684763ce7673 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7bf295c0f36256… Author: Andreas Boesl <ab(a)mathias-kettner.de> Date: Mon Jun 29 17:00:11 2015 +0200 #2318 FIX windows agent: no longer crashes when a cached plugin has several hundred sections The windows agent crashed when a single cached plugin reported several hundred sections. Cached plugins needs to be postprocessed, which requires additional heap buffer. The extra heap buffer was set to a too small value. This has been fixed. Conflicts: ChangeLog agents/windows/check_mk_agent-64.exe agents/windows/check_mk_agent-64.unversioned.exe agents/windows/check_mk_agent.exe agents/windows/check_mk_agent.msi agents/windows/check_mk_agent.unversioned.exe agents/windows/install_agent-64.exe agents/windows/install_agent.exe --- .werks/2318 | 12 ++++++++++++ ChangeLog | 1 + agents/windows/check_mk_agent-64.exe | Bin 302080 -> 302080 bytes agents/windows/check_mk_agent-64.unversioned.exe | Bin 302080 -> 302080 bytes agents/windows/check_mk_agent.cc | 5 ++++- agents/windows/check_mk_agent.exe | Bin 183808 -> 183808 bytes agents/windows/check_mk_agent.msi | Bin 734720 -> 734720 bytes agents/windows/check_mk_agent.unversioned.exe | Bin 183808 -> 183808 bytes agents/windows/install_agent-64.exe | Bin 179043 -> 179044 bytes agents/windows/install_agent.exe | Bin 160001 -> 160003 bytes 10 files changed, 17 insertions(+), 1 deletion(-) diff --git a/.werks/2318 b/.werks/2318 new file mode 100644 index 0000000..9f3ae76 --- /dev/null +++ b/.werks/2318 @@ -0,0 +1,12 @@ +Title: windows agent: no longer crashes when a cached plugin has several hundred sections +Level: 1 +Component: checks +Class: fix +Compatible: compat +State: unknown +Version: 1.2.7i3 +Date: 1435589516 + +The windows agent crashed when a single cached plugin reported several hundred sections. +Cached plugins needs to be postprocessed, which requires additional heap buffer. +The extra heap buffer was set to a too small value. This has been fixed. diff --git a/ChangeLog b/ChangeLog index b53fbe5..62e420b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,7 @@ * 2382 FIX: mssql_backup: Formating age output more human friendly * 2383 FIX: FreeBSD Agent: Fixed handling <<<ps>>> section when jailed * 2368 FIX: ucd_cpu_load: fix exception in case of dump SNMP agent sending 12,540000 instead of 12.540000 + * 2318 FIX: windows agent: no longer crashes when a cached plugin has several hundred sections... Multisite: * 2314 FIX: Availability: fixed exception when grouping by host or service group diff --git a/agents/windows/check_mk_agent-64.exe b/agents/windows/check_mk_agent-64.exe index 9ab768b..666b0f4 100755 Binary files a/agents/windows/check_mk_agent-64.exe and b/agents/windows/check_mk_agent-64.exe differ diff --git a/agents/windows/check_mk_agent-64.unversioned.exe b/agents/windows/check_mk_agent-64.unversioned.exe index 85549ab..3ca66e0 100755 Binary files a/agents/windows/check_mk_agent-64.unversioned.exe and b/agents/windows/check_mk_agent-64.unversioned.exe differ diff --git a/agents/windows/check_mk_agent.cc b/agents/windows/check_mk_agent.cc index 9a9653f..1c2cd52 100644 --- a/agents/windows/check_mk_agent.cc +++ b/agents/windows/check_mk_agent.cc @@ -3107,8 +3107,11 @@ void output_external_programs(SOCKET &out, script_type type) // We need to parse each line and replace any <<<section>>> with <<<section:cached(123455678,3600)>>> // Allocate new buffer, process/modify each line of the original buffer and write it into the new buffer + // We increase this new buffer by a good amount, because there might be several hundred + // sections (e.g. veeam_backup status piggyback) within this plugin output. + // TODO: Maybe add a dry run mode. Count the number of section lines and reserve a fitting extra heap int buffer_heap_size = HeapSize(GetProcessHeap(), 0, cont->buffer_work); - char *cache_buffer = (char*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, buffer_heap_size + 1024); + char *cache_buffer = (char*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, buffer_heap_size + 262144); int cache_buffer_offset = 0; char *line = strtok(cont->buffer_work, "\n"); diff --git a/agents/windows/check_mk_agent.exe b/agents/windows/check_mk_agent.exe index ab87943..eedb2d9 100755 Binary files a/agents/windows/check_mk_agent.exe and b/agents/windows/check_mk_agent.exe differ diff --git a/agents/windows/check_mk_agent.msi b/agents/windows/check_mk_agent.msi index 971b791..3db52a5 100755 Binary files a/agents/windows/check_mk_agent.msi and b/agents/windows/check_mk_agent.msi differ diff --git a/agents/windows/check_mk_agent.unversioned.exe b/agents/windows/check_mk_agent.unversioned.exe index 5bba86d..0573dc3 100755 Binary files a/agents/windows/check_mk_agent.unversioned.exe and b/agents/windows/check_mk_agent.unversioned.exe differ diff --git a/agents/windows/install_agent-64.exe b/agents/windows/install_agent-64.exe index 0159fcf..7ef306c 100755 Binary files a/agents/windows/install_agent-64.exe and b/agents/windows/install_agent-64.exe differ diff --git a/agents/windows/install_agent.exe b/agents/windows/install_agent.exe index 4fcb964..1c31b2d 100755 Binary files a/agents/windows/install_agent.exe and b/agents/windows/install_agent.exe differ

9 years, 3 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits June 2015