Module: check_mk
Branch: master
Commit: 4d72f1b76c89ace253cf683b23db635696f5337a
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4d72f1b76c89ac…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Thu Jan 9 11:25:11 2014 +0100
FIX windows agent: fixed crash on processing eventlog records
On some instances the check_mk_agent crashed when formatting
eventlog messages. This was caused by message templates, which were
specified in dll files, expecting more formatting arguments than the
eventlog record provided.
---
.werks/253 | 11 +++++++++++
ChangeLog | 1 +
agents/windows/check_mk_agent.cc | 20 +++++++++++++-------
3 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/.werks/253 b/.werks/253
new file mode 100644
index 0000000..a647cc6
--- /dev/null
+++ b/.werks/253
@@ -0,0 +1,11 @@
+Title: windows agent: fixed crash on processing eventlog records
+Level: 1
+Component: checks
+Version: 1.2.5i1
+Date: 1389262775
+Class: fix
+
+On some instances the check_mk_agent crashed when formatting
+eventlog messages. This was caused by message templates, which were
+specified in dll files, expecting more formatting arguments than the
+eventlog record provided.
diff --git a/ChangeLog b/ChangeLog
index b8c4f99..bc1eb0e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -84,6 +84,7 @@
* 0442 FIX: dell_om_disks: Treat global host spare disks as OK, instead of WARN...
* 0443 FIX: brocade_fcport: cope with firmware that does not provide speed
information...
* 0322 FIX: timemachine: Check now also works if there are spaces in the name of the
backup volume or the hostname
+ * 0253 FIX: windows agent: fixed crash on processing eventlog records...
Multisite:
* 0371 Added log class filter to hostsvcevents view
diff --git a/agents/windows/check_mk_agent.cc b/agents/windows/check_mk_agent.cc
index 34cafea..b555fdb 100755
--- a/agents/windows/check_mk_agent.cc
+++ b/agents/windows/check_mk_agent.cc
@@ -1199,12 +1199,18 @@ void process_eventlog_entries(SOCKET &out, const char
*logname, char *buffer,
DWORD num_strings = event->NumStrings;
WCHAR *s = (WCHAR *)(((char *)event) + event->StringOffset);
unsigned ns;
- for (ns = 0; ns < num_strings; ns++) {
- if (ns >= 63) break;
- strings[ns] = s;
- s += wcslen(s) + 1;
+ for (ns = 0; ns < 63; ns++) {
+ if (ns < num_strings) {
+ strings[ns] = s;
+ s += wcslen(s) + 1;
+ }
+ else
+ // Sometimes the eventlog record does not provide
+ // enough strings for the message template. Causes crash...
+ // -> Fill the rest with 0 strings
+ strings[ns] = (WCHAR *)"";
}
- strings[ns] = 0; // end marker in array
+ strings[63] = 0; // end marker in array
// Windows eventlog entries refer to texts stored in a DLL >:-P
// We need to load this DLL. First we need to look up which
@@ -2901,8 +2907,8 @@ void open_crash_log()
// Threads are not allowed to access the crash_log
g_connectionlog_file = CreateFile(TEXT(g_connection_log),
- GENERIC_WRITE, // open for reading
- 0, // do not share
+ GENERIC_WRITE, // open for writing
+ FILE_SHARE_READ, // do not share
NULL, // no security
CREATE_ALWAYS, // existing file only
FILE_ATTRIBUTE_NORMAL, // normal file