commons-issues mailing list archives

From "Mikhail Dobrinin (JIRA)" <>
Subject [jira] [Commented] (DAEMON-341) prunsrv injects garbage into ImagePath
Date Fri, 04 Nov 2016 22:18:59 GMT


Mikhail Dobrinin commented on DAEMON-341:

Unfortunately I don't have access to the exact environment where this was observed. However,
here is the best information I can provide:
* I can say that I was not able to reproduce this on other machines (only on Windows Server
2008 not R2). Likewise, when it is reproducible, it is reproducible every time.
* We did an environment variable dump at the time and did not see anything pointing to log
files, or any non-ASCII characters in the names or values ([^\x00-\x7F]). Note that I am
talking about the environment variables in the shell process. The actual command to reproduce
this was boiled down to the simple example you see above (without any ++Environment, --JVM,
or any other arguments).
* Each time that I saw this, it would appear that the garbage is part of a path to a log file,
but as you can see in the above example, the "g" in "log" is changed to a "ɥ". The
full command that we would be executing in production would set the "--LogPath" and "--LogPrefix"
arguments and the directory to which it would point actually would usually contain log files
with dates as seen in the example "...10-08.log". However, these log files were not passed
as arguments to the prunsrv command and were not seen in the environment variable dumps. On
top of that, I was able to reproduce it with very simple commands to prunsrv that don't pass
these arguments. I am thinking they may have incidentally been nearby in the memory and
this may be some kind of buffer overflow issue.

> prunsrv injects garbage into ImagePath
> --------------------------------------
>                 Key: DAEMON-341
>                 URL:
>             Project: Commons Daemon
>          Issue Type: Bug
>          Components: Procrun
>    Affects Versions: 1.0.15
>         Environment: Windows Server 2008 (not R2)
>            Reporter: Mikhail Dobrinin
> Here is a reproducible example that works every time:
> {noformat}
> prunsrv.exe //IS//abcd.branch2 --StartMode=jvm --StartClass=abc.abcdefghih.abcd.abcdef.abcd.MyImportantClass --StartMethod=startService ++StartParams=abcd.branch2
> {noformat}
> The ImagePath entry for the service ends up being:
> {noformat}
> C:\path\to\prunsrv.exe 12-08.loɥ//RS//abcd.branch2
> {noformat}
> As you see, there is garbage inserted in front of the {{//RS//}} string.

This message was sent by Atlassian JIRA
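
A check for the symptom described in this report, as an added example that is not part of the original message or of Commons Daemon: it parses a service's ImagePath value and flags anything other than `//RS//<service name>` after the executable. The expected form is inferred from the example in the report; the function names and the sample values other than the reported ImagePath are assumptions.

```python
import re

RUN_SERVICE = "//RS//"                    # marker seen in the reported ImagePath
NON_ASCII = re.compile(r"[^\x00-\x7F]")   # same character class as in the comment

def split_image_path(image_path):
    """Split an ImagePath value into (executable, argument string)."""
    s = image_path.strip()
    if s.startswith('"'):                 # quoted executable path
        end = s.find('"', 1)
        if end == -1:
            return s, ""
        return s[1:end], s[end + 1:].lstrip()
    m = re.search(r"\.exe", s, re.IGNORECASE)   # unquoted: cut after first ".exe"
    if not m:
        return s, ""
    return s[:m.end()], s[m.end():].lstrip()

def check_image_path(service, image_path):
    """Return findings for one service; an empty list means the value is as expected."""
    _, args = split_image_path(image_path)
    if args == RUN_SERVICE + service:
        return []
    findings = []
    pos = args.find(RUN_SERVICE)
    if pos == -1:
        findings.append("missing %s marker" % RUN_SERVICE)
    else:
        if pos > 0:
            findings.append("unexpected text before %s: %r" % (RUN_SERVICE, args[:pos]))
        name = args[pos + len(RUN_SERVICE):]
        if name != service:
            findings.append("service name mismatch: %r" % name)
    bad = NON_ASCII.findall(args)
    if bad:
        findings.append("non-ASCII characters: " + ", ".join("U+%04X" % ord(c) for c in bad))
    return findings

# Sample values: the second is the ImagePath quoted in the report (\u0265 is the
# turned-h character it shows); the other two are constructed for comparison.
SAMPLES = {
    "clean.svc": "C:\\path\\to\\prunsrv.exe //RS//clean.svc",
    "abcd.branch2": "C:\\path\\to\\prunsrv.exe 12-08.lo\u0265//RS//abcd.branch2",
    "quoted.svc": "\"C:\\Program Files\\app\\prunsrv.exe\" //RS//quoted.svc",
}

if __name__ == "__main__":
    for svc, path in SAMPLES.items():
        print(svc, check_image_path(svc, path) or "OK")
```

On a live host the `image_path` argument would come from the service's ImagePath registry value; the example takes it as a string so it runs anywhere.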
