Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-3146

agentadmin --r agent_id can have prompt truncation with large strings on iis


    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s:, 5.7.0
    • Component/s: Web Agents
    • Labels:


      Description This was spotted by compiler warning. There is a string called prompt which is too small to hold the potential incoming values. This is unlikely to ever be exceeded (it would require about a 99 level nesting structure of virtual directories and only affects cosmetics of the uninstaller.

      Install an agent on iis
      edit the instances/.agents file to contain around 200 characters
      ```agent_2 F:\5\web_agents\iis_agent\bin\..\instances\agent_2```
      agentadmin --r agent_2

      expected result
      Prompt appears normally with yes/no prompt

      Actual result
      Prompt for removal is truncated.
      F:\5\web_agents\iis_agent\bin>agentadmin --r agent_2
      Warning! This procedure will remove agent_2 configuration from IIS Site

      code analysis

      13:23:16 [Ubuntu1804x64Stream] source/admin.c:2346:94: warning: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size 219 [-Wformat-truncation=]
      13:23:16 [Ubuntu1804x64Stream]                      snprintf(prompt, sizeof (prompt), "\nWarning! This procedure will remove %s configuration from IIS Site %s."
      13:23:16 [Ubuntu1804x64Stream]                                                                                               ^~
      13:23:16 [Ubuntu1804x64Stream] In file included from /usr/include/stdio.h:862:0,
      13:23:16 [Ubuntu1804x64Stream]                  from source/platform.h:147,
      13:23:16 [Ubuntu1804x64Stream]                  from source/admin.c:9:
      13:23:16 [Ubuntu1804x64Stream] /usr/include/x86_64-linux-gnu/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 94 and 604 bytes into a destination of size 256
      13:23:16 [Ubuntu1804x64Stream]    return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,


          Issue Links



              • Assignee:
                alex.levin@forgerock.com Alex Levin
                alex.levin@forgerock.com Alex Levin
              • Votes:
                0 Vote for this issue
                3 Start watching this issue


                • Created: