https://bugzilla.novell.com/show_bug.cgi?id=381125 Summary: sarg buffer overflow Product: openSUSE 10.3 Version: Final Platform: x86-64 OS/Version: openSUSE 10.3 Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: peters-novell@techwiz.ca QAContact: qa@suse.de Found By: Other I'm trying to setup sarg to report on my squid logs and to make a long story short it doesn't work. I have tracked it down to that it doesn't like some specific lines in access.log and it's enough with one line. I'm using sarg version 2.2.5-1.1 from http://download.opensuse.org/repositories/server:/proxy/openSUSE_10.3 and tried both 64 and 32bit - same problem. This is with the default squid.conf file root@defiant3:~$ cat /var/log/squid/access.log 172.21.15.102 - - [16/Apr/2008:19:14:23 -0400] "GET http://i223.photobucket.com/albums/dd89/x_Sepia/UntouchedIsleV1a.jpg HTTP/1.0" 304 404 "http://thesource.frozen-personality.com/main.html" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13" TCP_IMS_HIT:NONE root@defiant3:~$ sarg -z -x SARG: Init SARG: Loading configuration from: /usr/share/sarg/sarg.conf SARG: TAG: access_log /var/log/squid/access.log SARG: TAG: font_face Tahoma,Verdana,Arial SARG: TAG: output_dir /srv/www/htdocs/squid-reports SARG: TAG: overwrite_report yes SARG: TAG: max_elapsed 28800000 SARG: TAG: show_successful_message no SARG: TAG: show_read_statistics no SARG: TAG: emselves), SARG: TAG: www_document_root /srv/www/htdocs SARG: TAG: download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg" SARG: Parameters: SARG: SARG: Hostname or IP address (-a) = SARG: Useragent log (-b) = SARG: Exclude file (-c) = SARG: Date from-until (-d) = SARG: Email address to send reports (-e) = SARG: Config file (-f) = /usr/share/sarg/sarg.conf SARG: Date format (-g) = USA (mm/dd/yyyy) SARG: IP report (-i) = No SARG: Input log (-l) = /var/log/squid/access.log SARG: Resolve IP Address (-n) = No SARG: Output dir (-o) = /srv/www/htdocs/squid-reports/ SARG: Use Ip Address instead of userid (-p) = No SARG: Accessed site (-s) = SARG: Time (-t) = SARG: User (-u) = SARG: Temporary dir (-w) = /tmp SARG: Process messages (-x) = Yes SARG: Debug messages (-z) = Yes SARG: SARG: sarg version: 2.2.5 Mar-03-2008 SARG: Maximum file descriptor: cur=1024 max=8192, changed to cur=20000 max=20000 SARG: Reading access log file: /var/log/squid/access.log SARG: (util) tbuf=2008Apr16 SARG: (util) period=2008Apr16- SARG: Records read: 1, written: 1, excluded: 0 SARG: Common log format SARG: (util) data=04/16/2008 SARG: (util) tbuf=2008Apr16 SARG: (util) period=2008Apr16-2008Apr16 SARG: Period: 2008Apr16-2008Apr16 SARG: pre-sorting files SARG: (util) dirname=/srv/www/htdocs/squid-reports/2008Apr16-2008Apr16 SARG: (util) wdir=/srv/www/htdocs/squid-reports/2008Apr16-2008Apr16 SARG: Making period file SARG: Making file: /tmp/sarg/172.21.15.102 *** buffer overflow detected ***: sarg terminated ======= Backtrace: ========= /lib/libc.so.6(__chk_fail+0x41)[0xb7e913b1] /lib/libc.so.6(__strcpy_chk+0x49)[0xb7e907f9] sarg[0x8055d25] sarg[0x8051e76] /lib/libc.so.6(__libc_start_main+0xe0)[0xb7dd1fe0] sarg[0x8049671] ======= Memory map: ======== 08048000-08084000 r-xp 00000000 08:06 892657 /usr/bin/sarg 08084000-08085000 r--p 0003b000 08:06 892657 /usr/bin/sarg 08085000-0808f000 rw-p 0003c000 08:06 892657 /usr/bin/sarg 0808f000-0825c000 rw-p 0808f000 00:00 0 [heap] b7dbb000-b7dbc000 rw-p b7dbb000 00:00 0 b7dbc000-b7ee9000 r-xp 00000000 08:06 51566 /lib/libc-2.6.1.so b7ee9000-b7eea000 r--p 0012c000 08:06 51566 /lib/libc-2.6.1.so b7eea000-b7eec000 rw-p 0012d000 08:06 51566 /lib/libc-2.6.1.so b7eec000-b7ef0000 rw-p b7eec000 00:00 0 b7f09000-b7f13000 r-xp 00000000 08:06 26970 /lib/libgcc_s.so.1 b7f13000-b7f15000 rw-p 00009000 08:06 26970 /lib/libgcc_s.so.1 b7f15000-b7f17000 rw-p b7f15000 00:00 0 b7f17000-b7f31000 r-xp 00000000 08:06 19305 /lib/ld-2.6.1.so b7f31000-b7f33000 rw-p 0001a000 08:06 19305 /lib/ld-2.6.1.so bff53000-bfff3000 rw-p bff53000 00:00 0 [stack] ffffe000-fffff000 r-xp 00000000 00:00 0 [vdso] Aborted I tried to remove offending lines but it was just to many and without knowing what the problem really is I got tired of trying. Just to confirm that it _can_ generate a report I managed to find a oneliner that works 172.21.15.102 - - [16/Apr/2008:10:39:50 -0400] "GET http://pr.atwola.com/promoimp/100223980xx1080015343/aol HTTP/1.0" 204 267 "http://www.mapquest.ca/maps/Westboro++on/" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13" TCP_MISS:DIRECT So it is capable of making reports, just doesn't like the format. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.