LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 08-01-2015, 12:05 AM   #1
Ananda Bbau
LQ Newbie
 
Registered: May 2012
Posts: 9

Rep: Reputation: Disabled
System crash when printing log using vfprintf, request from Qualys tool


Hi All,

I am facing issue when am trying to print the message with special characters from the incoming post request of Qualys tool.

I have written small program based on the request.

#include<stdio.h>
#include<stdarg.h>
#include<string.h>

void writeformat(FILE*,char*, ...);

int main()
{
FILE *fp;
fp=fopen("file2.txt","w");

//writeformat(fp,"\222<\b qU\b\222<\b\006");
//writeformat(fp,"T!PV\020");
//writeformat(fp,"\024\031Z\020");
//writeformat(fp,"\\\227V\020");
//writeformat(fp,"\024\031Z\020");
//writeformat(fp,"$pV\020");
writeformat(fp,"TkV\020");

fclose(fp);
return(0);
}

void writeformat(FILE *stream,char *format, ...)
{
va_list args;
va_start(args,format);
vfprintf(stream,format,args);
va_end(args);
}

when i try to execute the commented lines are , the file2 has the following output:

q

T!PV


Z

\V

Z

$pV

TkV

These requests are all making crash in our product. I dont know how to check these in the incoming request and avoid it.
Is there any special functions to check and avoid it.....
Please help me to solve the issue. It is being tricky to handle it.
I must use vfprintf only to print the logs.

The requests are all from Qualys tool only.

Thanks,
G.Ananda Babu.
 
Old 08-02-2015, 05:03 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by Ananda Bbau View Post
I am facing issue when am trying to print the message with special characters from the incoming post request of Qualys tool. (..) These requests are all making crash in our product. I dont know how to check these in the incoming request and avoid it. (..) The requests are all from Qualys tool only.
With respect to "Qualys tool" messages:
- What is the purpose of these messages? Qualys is a company that sells scanning products. So is this a network / vuln / pentest scan you should block? (IDS?)
- Where do these messages originate from? (If over the network and using fixed IP (range) then block at the edge?)
- What kind of message does your application expect and in what way does this tool not adhere to protocols and other standards?

*Do realize LQ is a community effort and your (timely!) input is valuable. So please respond to any earlier threads that require closure like this one. Respond to replies if you have additional questions or else post your solution or fix and ensure you then mark the thread "solved". Thanks in advance.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
System crash, doesn't save info to kern.log wybourn Linux - General 2 07-26-2010 03:37 AM
ab tool request per second kirukan Linux - Server 1 04-30-2009 01:56 PM
Script or tool to log system usage or java processes ginda Linux - General 3 03-01-2008 02:56 AM
The log before system crash Rapid_dot_dot Linux - General 1 03-10-2005 11:34 PM
which log do i check after system crash? ijsman77 Red Hat 0 08-24-2004 06:16 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 04:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration