On Apr 12, 2015, at 11:19 AM, Jérémie Courrèges-Anglas <j...@wxcvbn.org> wrote:
> Eric Lalonde <eric.c.lalo...@gmail.com> writes: > >> The below diff fixes a bug in the assumptions ntop 1.1 makes about >> terminal column widths. When ntop is run on terminals with more than 257 >> columns, the printHeader() function will write a NULL byte beyond the >> end of the progName string. While I was there I converted sprintf() to >> snprintf(), since one of the variables written to the progName string is >> osName, which is ultimately populated from the output of `sh >> config.guess` during configure. I don’t believe this method guarantees >> osName can never cause progName to overflow. The patch itself is meant >> to be minimally invasive while addressing the problem. > > I took a look at your diff, but right now ntop is completely busted on > amd64 (last update I did was on Apr 5). What architecture(s) are you > using? > The patch was tested on amd64. However, depending on how hostnames are configured on your system, there is an unrelated backwards memcpy() issue that triggers SIGABORT immediately when ntop starts, which I also triggered on amd64. Perhaps this is the issue you are experiencing. I have identified the cause but not tried to patch it. >> About getting this patch upstream: I don’t see how to do that, since >> upstream has moved onto a re-write called ‘ntop-ng’. I can’t even find >> old versions of ntop there. I did look on the MASTER_SITES url. There is >> a newer version of the ntop tarball hosted there, ntop-1.2a2.tar.gz, but >> the relevant source has this issue as well. > > Given your description of the situation, I would be fine with adding > such a patch... if the existing ntop port works on amd64. :) > > Is there a reason not to move to a newer ntop release? > >> Perhaps I should just use iftop ;) > > Then perhaps we should delete ntop? ;) The code as it stands today leaves a lot to be desired. If there is general interest in ntop then a proper re-write would be the path I would advocate. If there is interest in that, I might be willing to do it, since there isn’t a lot of code in ntop. But given how easy it is to crash ntop, I doubt anyone is even using it. Nuke it from orbit?
