Hello, I have discovered a potential crash bug in MRTG. The rateup program doesn't handle really malformed log files very well. It has an fscanf() call with two "%s" format strings that store data of arbitrary length to char name[MAXL] arrays. This causes a crash if the string fields in the log file are longer than that.
Despite being a buffer overflow, this is probably not a security problem, as outsiders can't run rateup with long enough values as far as I know. Nevertheless, I think this bug is worth fixing, as the Right Thing for a program should be not to assume anything about its input and to handle various problems well. I have attached a log file that causes this problem, as well as a patch against MRTG-2.10.15.

// Ulf Harnhammar
http://www.advogato.org/person/metaur/

-- Attached file removed by Ecartis and put at URL below --
-- Type: application/octet-stream
-- Size: 604 bytes
-- URL : http://www.ee.ethz.ch/~slist/p/crash.log

-- Attached file removed by Ecartis and put at URL below --
-- Type: text/plain
-- Size: 650 bytes
-- URL : http://www.ee.ethz.ch/~slist/p/mrtg.patch
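The class of fix the report asks for, as an added example that is neither the attached patch nor MRTG's own code: a scanf-family `%s` conversion is given an explicit field width one less than the buffer size, and a field that does not fit is rejected instead of being silently split. The value of `MAXW`, the two-field record layout and the function names are assumptions made for this sketch; it uses `sscanf()` so it runs without a file, and the width specifier behaves the same way in `fscanf()`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAXW 199              /* assumed limit; the report only names MAXL */
#define MAXL (MAXW + 1)       /* buffer size: width plus the terminating NUL */
#define STR2(x) #x
#define STR(x) STR2(x)

/* Read one whitespace-delimited field from *p into out, never writing more
 * than MAXL bytes. Returns 0 on success, -1 if no field is present, -2 if
 * the field is longer than MAXW characters. Advances *p past the field. */
static int read_field(const char **p, char out[MAXL])
{
    int used = 0;
    /* "%199s" stops after MAXW characters; a bare "%s" has no limit. */
    if (sscanf(*p, "%" STR(MAXW) "s%n", out, &used) != 1)
        return -1;
    *p += used;
    if (**p != '\0' && !isspace((unsigned char)**p))
        return -2;            /* token continues: oversized field, reject */
    return 0;
}

/* Parse a record of two string fields (layout constructed for this
 * example, not rateup's real log format). */
int parse_record(const char *line, char a[MAXL], char b[MAXL])
{
    int rc = read_field(&line, a);
    if (rc != 0)
        return rc;
    return read_field(&line, b);
}

int main(void)
{
    char a[MAXL], b[MAXL], big[4 * MAXL];
    memset(big, 'A', sizeof big - 1);     /* constructed oversized field */
    big[sizeof big - 1] = '\0';
    printf("normal:    %d\n", parse_record("12345 67890", a, b));
    printf("oversized: %d\n", parse_record(big, a, b));
    return 0;
}
```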
