[ossec-dev] ossec-hids: read_nmapg.c (HEAD) read_syslog.c (HEAD) read_win_el.c (HEAD) [dcid]
- To: dancid@xxxxxxxxxxxxxxx
- Subject: [ossec-dev] ossec-hids: read_nmapg.c (HEAD) read_syslog.c (HEAD) read_win_el.c (HEAD) [dcid]
- From: OSSEC CVS <cvs-commit@xxxxxxxxx>
- Date: Mon, 11 Sep 2006 23:04:37 -0300 (ADT)
- Content-transfer-encoding: 8bit
Module name: ossec-hids
Changes by: dcid 06/09/11 23:04:35
Modified files:
read_nmapg.c read_syslog.c read_win_el.c
Log message:
Description: Lots, lots of changes. Increasing the maximum payload size from 1024 to 6k (it applies to remote messages, logs, etc). Still needs more careful testing and review.
Reviewed by: dcid (initial review only)
Bug:
Index: read_nmapg.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/logcollector/read_nmapg.c,v
diff -u -r1.4 -r1.5
--- read_nmapg.c 21 Jul 2006 02:45:58 -0000 1.4
+++ read_nmapg.c 12 Sep 2006 02:04:34 -0000 1.5
@@ -147,7 +147,7 @@
int need_clear = 0;
int __rc = 0;
- char str[OS_MAXSTR_2 + 1];
+ char str[OS_MAXSTR + 1];
char final_msg[OS_MAXSTR + 1];
char buffer[OS_MAXSTR + 1];
char port[17];
@@ -157,14 +157,14 @@
char *p;
char *q;
- str[OS_MAXSTR_2] = '\0';
+ str[OS_MAXSTR] = '\0';
final_msg[OS_MAXSTR] = '\0';
buffer[OS_MAXSTR] = '\0';
port[16] = '\0';
proto[16] = '\0';
- while(fgets(str, OS_MAXSTR_2 -1, logff[pos].fp) != NULL)
+ while(fgets(str, OS_MAXSTR -OS_LOG_HEADER, logff[pos].fp) != NULL)
{
/* If need clear is set, we need to clear the line */
if(need_clear)
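Review bot: The new read limit on the fgets line is spelled `OS_MAXSTR -OS_LOG_HEADER` with asymmetric spacing, while read_syslog.c in this same commit writes `OS_MAXSTR - OS_LOG_HEADER`; keep the two consistent, `while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL)`. Nothing in the hunk says why OS_LOG_HEADER bytes are held back from a buffer that, per the first hunk, is now OS_MAXSTR + 1 bytes; a one-line comment above the loop such as `/* read at most OS_MAXSTR - OS_LOG_HEADER bytes so the line still fits once the header is added when it is queued -- confirm against the sender */` would save the next reader the search. The enclosing function starts before this hunk and its body continues past `if(need_clear)`.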
Index: read_syslog.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/logcollector/read_syslog.c,v
diff -u -r1.18 -r1.19
--- read_syslog.c 9 Sep 2006 20:06:54 -0000 1.18
+++ read_syslog.c 12 Sep 2006 02:04:34 -0000 1.19
@@ -1,6 +1,6 @@
-/* $OSSEC, read_syslog.c, v0.3, 2005/08/24, Daniel B. Cid$ */
+/* @(#) $Id$ */
-/* Copyright (C) 2003,2004,2005 Daniel B. Cid <dcid@xxxxxxxxx>
+/* Copyright (C) 2003-2006 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
*
* This program is a free software; you can redistribute it
@@ -36,7 +36,7 @@
/* Getting initial file location */
fgetpos(logff[pos].fp, &fp_pos);
- while(fgets(str, OS_MAXSTR - 64, logff[pos].fp) != NULL)
+ while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL)
{
/* Getting the last occurence of \n */
if ((p = strrchr(str, '\n')) != NULL)
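Review bot: The three size expressions in this file's hunks — `OS_MAXSTR - OS_LOG_HEADER` on the fgets line here, `OS_MAXSTR - OS_LOG_HEADER - 2` in the length test of the next hunk, and `OS_MAXSTR - 2` in the discard loop of the third hunk — have to be kept in step by hand (the threshold is the read limit minus two, and the discard read is now the largest of the three), and the declaration of `str` that all of them must fit is outside every hunk. A single named limit would make the coupling explicit, e.g. `#define SYSLOG_READ_SZ (OS_MAXSTR - OS_LOG_HEADER)` near the top of the file, with the test written `strlen(str) >= SYSLOG_READ_SZ - 2`. Please also confirm that `str` is declared with at least OS_MAXSTR - 2 bytes, since the discard loop now reads more per call than the main loop; a comment on the declaration recording that requirement would help. The enclosing function starts before this hunk.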
@@ -47,7 +47,7 @@
/* If we didn't get the new line, because the
* size is large, send what we got so far.
*/
- else if(strlen(str) >= (OS_MAXSTR - 66))
+ else if(strlen(str) >= (OS_MAXSTR - OS_LOG_HEADER - 2))
{
/* Message size > maximum allowed */
__ms = 1;
@@ -92,7 +92,7 @@
if(__ms)
{
merror("%s: Large message size: '%s'", ARGV0, str);
- while(fgets(str, OS_MAXSTR - 36, logff[pos].fp) != NULL)
+ while(fgets(str, OS_MAXSTR - 2, logff[pos].fp) != NULL)
{
/* Getting the last occurence of \n */
if ((p = strrchr(str, '\n')) != NULL)
Index: read_win_el.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/logcollector/read_win_el.c,v
diff -u -r1.5 -r1.6
--- read_win_el.c 12 May 2006 17:10:26 -0000 1.5
+++ read_win_el.c 12 Sep 2006 02:04:34 -0000 1.6
@@ -1,4 +1,4 @@
-/* $OSSEC, read_win_el.c, v0.1, 2006/04/04, Daniel B. Cid$ */
+/* @(#) $Id$ */
/* Copyright (C) 2003-2006 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
@@ -94,12 +94,12 @@
{
HKEY key;
DWORD ret;
- char keyname[256];
+ char keyname[512];
- keyname[255] = '\0';
+ keyname[511] = '\0';
- snprintf(keyname, 254,
+ snprintf(keyname, 510,
"System\\CurrentControlSet\\Services\\EventLog\\%s\\%s",
evt_name,
source);
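Review bot: The snprintf that builds the registry path on the changed lines still ignores its return value, so an evt_name/source pair longer than 510 bytes is silently truncated and the code presumably goes on to query the registry with whatever key the truncated path names. Check for truncation and skip the lookup, e.g. `int n = snprintf(keyname, sizeof keyname, "System\\CurrentControlSet\\Services\\EventLog\\%s\\%s", evt_name, source);` followed by `if (n < 0 || (size_t)n >= sizeof keyname) { /* path too long: treat as no message source */ }`; deriving the bound from `sizeof keyname` also removes the trio of hand-synchronised constants (512/511/510) that this hunk had to change in three places. The pre-set terminator at `keyname[511]` is presumably there because some Windows C runtimes do not NUL-terminate on truncation; if so, say that in a comment so it is not later removed as redundant. The enclosing function starts before this hunk and continues after `source);`.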
@@ -228,21 +228,21 @@
char *computer_name;
char *descriptive_msg;
- char el_user[257];
- char el_domain[257];
- char el_string[1025];
- char final_msg[1024];
- LPSTR el_sstring[57];
+ char el_user[OS_FLSIZE +1];
+ char el_domain[OS_FLSIZE +1];
+ char el_string[OS_MAXSTR +1];
+ char final_msg[OS_MAXSTR +1];
+ LPSTR el_sstring[OS_FLSIZE +1];
/* Er must point to the mbuffer */
el->er = (EVENTLOGRECORD *) &mbuffer;
/* Zeroing the last values */
- el_string[1024] = '\0';
- el_user[256] = '\0';
- el_domain[256] = '\0';
- final_msg[1023] = '\0';
- el_sstring[56] = NULL;
+ el_string[OS_MAXSTR] = '\0';
+ el_user[OS_FLSIZE] = '\0';
+ el_domain[OS_FLSIZE] = '\0';
+ final_msg[OS_MAXSTR] = '\0';
+ el_sstring[OS_FLSIZE] = NULL;
/* Reading the event log */
while(ReadEventLog(el->h,
@@ -269,7 +269,7 @@
/* We must have some description */
if(el->er->NumStrings)
{
- size_left = 1020;
+ size_left = OS_MAXSTR - OS_SIZE_1024;
sstr = (LPSTR)((LPBYTE)el->er + el->er->StringOffset);
el_string[0] = '\0';
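Review bot: `size_left` is seeded with `OS_MAXSTR - OS_SIZE_1024` and, per the next hunk, passed straight to strncat as its size_t bound; if the decrement that follows each append can take it below zero, the negative value converts to a huge size_t and the bound disappears — that decrement is outside the hunk, so please confirm it is clamped at zero. A comment recording what the OS_SIZE_1024 headroom is for would help, since the old value reserved only 4 bytes: `/* keep OS_SIZE_1024 bytes spare for the separator written after each string and for the terminator -- confirm */`. The enclosing loop body continues past this hunk.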
@@ -285,7 +285,7 @@
str_size = strlen(sstr);
strncat(el_string, sstr, size_left);
- tmp_str= strchr(el_string, '\0');
+ tmp_str = strchr(el_string, '\0');
if(tmp_str)
{
*tmp_str = ' ';
@@ -297,7 +297,10 @@
el_sstring[nstr] = (LPSTR)sstr;
sstr = strchr( (LPSTR)sstr, '\0');
- sstr++;
+ if(sstr)
+ sstr++;
+ else
+ break;
}
/* Get a more descriptive message (if available) */
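Review bot: The `if(sstr)` guard added after `strchr((LPSTR)sstr, '\0')` can never take its else branch: strchr searching for '\0' returns a pointer to the terminator of whatever string it is handed, never NULL, so the `break` is dead code and the real hazard — walking past the end of the event record when a string is not terminated inside the buffer — is unchanged. Bound the scan by the record instead: the record is at `el->er` and EVENTLOGRECORD carries its own `Length`, so the remaining bytes are known and memchr can replace strchr, as sketched below. The store into `el_sstring[nstr]` at the top of the hunk relies on a limit on nstr that is outside the hunk; confirm it is tied to OS_FLSIZE now that the array is sized `OS_FLSIZE + 1`.
```c
el_sstring[nstr] = (LPSTR)sstr;
/* stay inside the record: a string that is not terminated within
 * el->er->Length must end the scan rather than run past the buffer */
{
    LPBYTE rec_end = (LPBYTE)el->er + el->er->Length;
    LPSTR term = (rec_end > (LPBYTE)sstr)
                 ? memchr(sstr, '\0', rec_end - (LPBYTE)sstr)
                 : NULL;
    if (term == NULL)
        break;
    sstr = term + 1;
}
```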
@@ -325,7 +328,7 @@
}
else
{
- strncpy(el_string, "(no message)", 1020);
+ strncpy(el_string, "(no message)", 128);
}
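Review bot: `strncpy(el_string, "(no message)", 128)` copies a 12-byte literal and then zero-fills up to 128 bytes; the 128 bears no relation to the literal or to el_string (now OS_MAXSTR + 1 bytes), so it is one more hand-picked constant to keep in sync. Prefer a form whose bound is the destination itself: `snprintf(el_string, sizeof el_string, "%s", "(no message)");`. The enclosing function starts before this hunk.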
@@ -360,10 +363,10 @@
DWORD _evtid = 65535;
int id = (int)el->er->EventID & _evtid;
- final_msg[892] = '\0';
- final_msg[893] = '\0';
+ final_msg[OS_MAXSTR - OS_LOG_HEADER] = '\0';
+ final_msg[OS_MAXSTR - OS_LOG_HEADER -1] = '\0';
- snprintf(final_msg, 892,
+ snprintf(final_msg, OS_MAXSTR - OS_LOG_HEADER -1,
"WinEvtLog: %s: %s(%d): %s: %s: %s: %s: %s\n",
el->name,
category,
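Review bot: The snprintf on the changed lines ignores its return value, and the next hunk deletes the block that used to force a trailing '\n' when the formatted message reached the limit, so a long event now leaves final_msg without the newline the format string ends with; the old code went out of its way to keep that newline, which suggests the receiver behind SendMSG expects it. Restore the guarantee from the return value rather than from fixed indices: `int n = snprintf(final_msg, OS_MAXSTR - OS_LOG_HEADER - 1, ...);` and after the call `if (n < 0 || n >= OS_MAXSTR - OS_LOG_HEADER - 1) { size_t len = strlen(final_msg); if (len) final_msg[len - 1] = '\n'; }` (the `n < 0` case covers runtimes whose snprintf reports truncation as a negative result). The two pre-set terminators above the call deserve a one-line comment saying they are the safety net for such a runtime, otherwise they look redundant. The snprintf argument list continues into the next hunk, and the enclosing function starts before this one.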
@@ -373,13 +376,6 @@
el_domain,
computer_name,
descriptive_msg != NULL?descriptive_msg:el_string);
-
- if(strlen(final_msg) >= 890)
- {
- final_msg[888] = '\n';
- final_msg[889] = '\0';
- final_msg[890] = '\0';
- }
if(SendMSG(logr_queue, final_msg, "WinEvtLog",
LOCALFILE_MQ) < 0)