Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Winlogbeat - fix large message panic for WinXP/2003 #1498

Merged
merged 1 commit into from
Apr 27, 2016
Merged

Winlogbeat - fix large message panic for WinXP/2003 #1498

merged 1 commit into from
Apr 27, 2016

Conversation

andrewkroh
Copy link
Member

@andrewkroh andrewkroh commented Apr 26, 2016
edited
Loading

Fix panic when reading messages larger than 32K characters on XP and 2003.

Winlogbeat was passing the size of the buffer to Windows using number of bytes, but Windows was expecting number of TCHAR's. This made Windows return that the number of TCHARs read was greater than the number that the buffer could hold. Winlogbeat used the return value to read from the buffer which caused a 'runtime error: slice bounds out of range' panic.

The buffer length issue has been corrected by dividing by sizeof(TCHAR) which is 2. In addition a check has been added to verify that the return value from Windows is sane before using it to slice the buffer.

Reported here: https://discuss.elastic.co/t/report-a-bug-of-winlogbeat-5-0-0-alpha1-windows-32/47550

@andrewkroh
Fix panic when reading messages larger than 32K characters on Windows…
90a2a90 
… XP and 2003.

Winlogbeat was passing the size of the buffer to Windows using number of bytes, but Windows was expecting number of TCHAR's. This made Windows return that the number of TCHARs read was greater than the number that the buffer could hold. Winlogbeat used the return value to read from the buffer which caused a 'runtime error: slice bounds out of range' panic.

The buffer length issue has been corrected by dividing by sizeof(TCHAR) which is 2. In addition a check has been added to verify that the return value from Windows is sane before using it to slice the buffer.
@andrewkroh andrewkroh added bug review :Windows Winlogbeat needs_backport PR is waiting to be backported to other branches. labels Apr 26, 2016
andrewkroh
andrewkroh reviewed Apr 26, 2016
View reviewed changes
winlogbeat/sys/eventlogging/eventlogging_windows.go
&buffer[0],
uint32(len(buffer)),
&buffer[0], // Max size allowed is 64k bytes.
uint32(len(buffer)/2), // Size of buffer in TCHARS
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This line was the true culprit.

@ruflin ruflin merged commit 498a22f into elastic:master Apr 27, 2016
@ruflin ruflin mentioned this pull request Apr 27, 2016
Merged
@andrewkroh andrewkroh deleted the bugfix/eventlogging-format-panic branch May 4, 2016 14:37
andrewkroh added a commit to andrewkroh/beats that referenced this pull request May 9, 2016
@andrewkroh
Backport of elastic#1498
6ac2ba0
@andrewkroh andrewkroh removed the needs_backport PR is waiting to be backported to other branches. label May 9, 2016
tsg pushed a commit that referenced this pull request May 9, 2016
@andrewkroh @tsg
Backport of #1498 (#1591)
820f0e4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug review :Windows Winlogbeat
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@andrewkroh @ruflin