RubyForge: rubyRRDtool: Detail: 2927 ruby rrdtool does not sanitize user submitted strings

Bugs: Browse | Submit New | Admin

[#2927] ruby rrdtool does not sanitize user submitted strings

Date:
2005-12-02 17:23

Priority:
3

Submitted By:
Nobody

Assigned To:
Nobody (None)

Category:
None

State:
Open

Summary:
ruby rrdtool does not sanitize user submitted strings

Detailed description

ruby-rrdtool can be caused to segfault by passing some strings as arguments.
I have created a test case that involves passing strings from an outside source as the graph title.

Add A Comment:

Please login

Followup

Message

Date: 2005-12-02 17:27
Sender: Brandon Hale

run ./script/runner "i = Interface.find_by_int_id('832.1');
i.dograph('1day')"

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1211585888 (LWP 19536)]
0xb7ea6456 in st_lookup () from /usr/lib/libruby1.8.so.1.8
(gdb) bt
#0  0xb7ea6456 in st_lookup () from /usr/lib/libruby1.8.so.1.8
#1  0xb7eb5d76 in rb_mod_class_variables () from
/usr/lib/libruby1.8.so.1.8
#2  0xb7eb6231 in rb_class_path () from
/usr/lib/libruby1.8.so.1.8
#3  0xb7eb6374 in rb_class_name () from
/usr/lib/libruby1.8.so.1.8
#4  0xb7eb6397 in rb_class2name () from
/usr/lib/libruby1.8.so.1.8
#5  0xb7eb6deb in rb_obj_classname () from
/usr/lib/libruby1.8.so.1.8
#6  0xb7e3db0d in rb_check_type () from
/usr/lib/libruby1.8.so.1.8
#7  0xb72e4598 in rrdtool_first (self=45, orra_idx=143503024)
at rubyrrdtool.c:391
#8  0xb72e4fe9 in rrdtool_graph (self=842217519, args=3074619404)
at rubyrrdtool.c:910
#9  0xb7e3f626 in rb_iterator_p () from
/usr/lib/libruby1.8.so.1.8
#10 0xb7e4a07c in rb_thread_trap_eval () from
/usr/lib/libruby1.8.so.1.8
#11 0xb7e4ab82 in rb_thread_trap_eval () from
/usr/lib/libruby1.8.so.1.8
#12 0xb7e47478 in rb_thread_trap_eval () from
/usr/lib/libruby1.8.so.1.8
#13 0xb7e47c06 in rb_thread_trap_eval () from
/usr/lib/libruby1.8.so.1.8
#14 0xb7e46a43 in rb_thread_trap_eval () from
/usr/lib/libruby1.8.so.1.8
#15 0xb7e4a7d6 in rb_thread_trap_eval () from
/usr/lib/libruby1.8.so.1.8
#16 0xb7e4ab82 in rb_thread_trap_eval () from
/usr/lib/libruby1.8.so.1.8
#17 0xb7e47478 in rb_thread_trap_eval () from
/usr/lib/libruby1.8.so.1.8
#18 0xb7e53aec in rb_apply () from /usr/lib/libruby1.8.so.1.8
#19 0xb7e53fae in rb_apply () from /usr/lib/libruby1.8.so.1.8
#20 0xb7e3f64a in rb_iterator_p () from
/usr/lib/libruby1.8.so.1.8
#21 0xb7e4a07c in rb_thread_trap_eval () from
/usr/lib/libruby1.8.so.1.8
#22 0xb7e4ab82 in rb_thread_trap_eval () from
/usr/lib/libruby1.8.so.1.8
#23 0xb7e4758b in rb_thread_trap_eval () from
/usr/lib/libruby1.8.so.1.8
#24 0xb7e55492 in rb_load () from /usr/lib/libruby1.8.so.1.8
#25 0xb7e55a02 in rb_require_safe () from
/usr/lib/libruby1.8.so.1.8
#26 0xb7e55d93 in rb_f_require () from
/usr/lib/libruby1.8.so.1.8
#27 0xb7e3f626 in rb_iterator_p () from
/usr/lib/libruby1.8.so.1.8
#28 0xb7e4a07c in rb_thread_trap_eval () from
/usr/lib/libruby1.8.so.1.8
#29 0xb7e4ab82 in rb_thread_trap_eval () from
/usr/lib/libruby1.8.so.1.8
#30 0xb7e4758b in rb_thread_trap_eval () from
/usr/lib/libruby1.8.so.1.8
#31 0xb7e54586 in rb_eval_string () from
/usr/lib/libruby1.8.so.1.8
#32 0xb7e545d6 in ruby_exec () from /usr/lib/libruby1.8.so.1.8
#33 0xb7e56715 in ruby_run () from /usr/lib/libruby1.8.so.1.8
#34 0x080486ac in main ()
(gdb)

Date: 2005-12-02 17:26
Sender: Brandon Hale

#!/usr/bin/env ruby

require 'RRDtool'

rrd = RRDtool.new('1.rrd')

img_path = "testcase.png"
graph = String.new
test = "*** 1DC-BB AT&T ATM DS3 circ# DNEC-805752 VCI
7/51 ***"
test2 = "ATM1/0"
graph = rrd.graph([img_path,
    "--title", "#{test2} - #{test}",
    "--start" , "-1day",
    "--interlace",
    "--imgformat", "PNG",
    "--width=600",
    "--height=80",
    "--vertical-label", "bits/s",
    "DEF:in=#{rrd.rrdname}:in:AVERAGE",
    "DEF:out=#{rrd.rrdname}:out:AVERAGE",
    "CDEF:inbits=in,8,*",
    "CDEF:outbits=out,8,*",
    "CDEF:kbin=inbits,1024,/",
    "CDEF:kbout=outbits,1024,/",
    "AREA:inbits#00FF00:Bandwidth In",
    "COMMENT:\s",
    "COMMENT:\s",
    "COMMENT:\s",
    "COMMENT:\s",
    "LINE1:outbits#0000FF:Bandwidth Out",
    "COMMENT:\s",
    "COMMENT:\s",
    "COMMENT:\s",
    "COMMENT:\s",
    "COMMENT:\s",
    "COMMENT:\s",
    "COMMENT:\s",
    "COMMENT:\s",
    "COMMENT:\s",
    "COMMENT:\s",
    "COMMENT:\s",
    "GPRINT:kbin:LAST:Last Bandwidth In\\: %3.2lf
Kbps",
    "GPRINT:kbout:LAST:Last Bandwidth Out\\: %3.2lf
Kbps",
    "COMMENT:\s",
    "COMMENT:\s",
    "COMMENT:\s",
    "COMMENT:\s",
    "COMMENT:\s",
    "GPRINT:kbin:AVERAGE:Average Bandwidth In\\: %3.2lf
Kbps",
    "GPRINT:kbout:AVERAGE:Average Bandwidth Out\\: %3.2lf
Kbps"])

Attached Files:

Name	Description	Download

No Files Currently Attached

[#2927] ruby rrdtool does not sanitize user submitted strings

Please login

Followup

Attached Files:

Changes:

No Changes Have Been Made to This Item