[checkmk-commits] Check_MK Git: check_mk: FIX windows agent: fixed crash on processing eventlog records

Module: check_mk Branch: master Commit: 4d72f1b76c89ace253cf683b23db635696f5337a URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4d72f1b76c89ac… Author: Andreas Boesl &lt;ab(a)mathias-kettner.de&gt; Date: Thu Jan 9 11:25:11 2014 +0100 FIX windows agent: fixed crash on processing eventlog records On some instances the check_mk_agent crashed when formatting eventlog messages. This was caused by message templates, which were specified in dll files, expecting more formatting arguments than the eventlog record provided. --- .werks/253 | 11 +++++++++++ ChangeLog | 1 + agents/windows/check_mk_agent.cc | 20 +++++++++++++------- 3 files changed, 25 insertions(+), 7 deletions(-) diff --git a/.werks/253 b/.werks/253 new file mode 100644 index 0000000..a647cc6 --- /dev/null +++ b/.werks/253 @@ -0,0 +1,11 @@ +Title: windows agent: fixed crash on processing eventlog records +Level: 1 +Component: checks +Version: 1.2.5i1 +Date: 1389262775 +Class: fix + +On some instances the check_mk_agent crashed when formatting +eventlog messages. This was caused by message templates, which were +specified in dll files, expecting more formatting arguments than the +eventlog record provided. diff --git a/ChangeLog b/ChangeLog index b8c4f99..bc1eb0e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -84,6 +84,7 @@ * 0442 FIX: dell_om_disks: Treat global host spare disks as OK, instead of WARN... * 0443 FIX: brocade_fcport: cope with firmware that does not provide speed information... * 0322 FIX: timemachine: Check now also works if there are spaces in the name of the backup volume or the hostname + * 0253 FIX: windows agent: fixed crash on processing eventlog records... Multisite: * 0371 Added log class filter to hostsvcevents view diff --git a/agents/windows/check_mk_agent.cc b/agents/windows/check_mk_agent.cc index 34cafea..b555fdb 100755 --- a/agents/windows/check_mk_agent.cc +++ b/agents/windows/check_mk_agent.cc @@ -1199,12 +1199,18 @@ void process_eventlog_entries(SOCKET &out, const char *logname, char *buffer, DWORD num_strings = event->NumStrings; WCHAR *s = (WCHAR *)(((char *)event) + event->StringOffset); unsigned ns; - for (ns = 0; ns < num_strings; ns++) { - if (ns >= 63) break; - strings[ns] = s; - s += wcslen(s) + 1; + for (ns = 0; ns < 63; ns++) { + if (ns < num_strings) { + strings[ns] = s; + s += wcslen(s) + 1; + } + else + // Sometimes the eventlog record does not provide + // enough strings for the message template. Causes crash... + // -> Fill the rest with 0 strings + strings[ns] = (WCHAR *)""; } - strings[ns] = 0; // end marker in array + strings[63] = 0; // end marker in array // Windows eventlog entries refer to texts stored in a DLL >:-P // We need to load this DLL. First we need to look up which @@ -2901,8 +2907,8 @@ void open_crash_log() // Threads are not allowed to access the crash_log g_connectionlog_file = CreateFile(TEXT(g_connection_log), - GENERIC_WRITE, // open for reading - 0, // do not share + GENERIC_WRITE, // open for writing + FILE_SHARE_READ, // do not share NULL, // no security CREATE_ALWAYS, // existing file only FILE_ATTRIBUTE_NORMAL, // normal file