Wir nutzen Cookies, um Ihnen eine optimale Nutzung dieser Webseite zu ermöglichen.Visit our Privacy Policy to learn more. Wir nehmen an, dass Sie damit einverstanden sind, falls Sie diese Webseite weiter besuchen.

Ihre Cookie-Einstellungen
Ihre Einstellungen wurden aktualisiert.
Damit die Änderungen wirksam werden, löschen Sie bitte Ihre Browser-Cookies und den Cache und laden dann die Seite neu.

Werk #5919: Windows agent crashed with a lot of transport protocols available

KomponenteChecks & Agents
TitelWindows agent crashed with a lot of transport protocols available
Datum2018-03-15 08:56:08
Checkmk EditionCheckmk Raw Edition (CRE)
Checkmk Version1.4.0p27,1.5.0b1
LevelTrivial Change
KlasseBug Fix
KompatibilitätKompatibel - benötigt kein manuelles Eingreifen

Werk #5704 introduced querying the supported IP families (IPv4/IPv6) upon agent start. This query makes use of the WinAPI function WSCEnumProtocols. This function turned out to contain a severe bug: if the protocol buffer passed as in/out parameter is not big enough to accommodate all available transport protocols, the function corrupts the heap by writing to memory past the buffer. This violates the MSDN documentation of WSCEnumProtocols, also the example code attached to the documentation is broken.

So far, the bug has only been reported on older 32 bit systems (Windows Server 2008). However, the real extent of the problem is not known as there are no bug reports about WSCEnumProtocols publicly available to determine, if the function is broken in all Windows versions or just in some. A key factor is the number of configured/supported transport protocols: if the number grows large enough, WSCEnumProtocols causes the described buffer overflow.

Now the use of WSCEnumProtocols has been changed so that - on the contrary to the documentation in MSDN - the function is always called twice to prevent the buffer overflow by allocating the necessary buffer only after first querying the necessary buffer size.