Date: Mon, 8 Oct 2001 08:55:40 +1000 (EST)
From: Enno Davids <enno.davids@metva.com.au>
To: jim@siteplus.net (Jim Weeks)
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Webalizer oddness
Message-ID: <200110072255.IAA03764@metva.com.au>
In-Reply-To: <Pine.BSF.4.21.0110071553330.9374-100000@veager.jwweeks.com> from Jim Weeks at "Oct 7, 1 04:06:32 pm"

| Here is where the oddness comes in. If I copy one of the log files and
| delete everything before the 5th, I can do a test run which accurately shows
| all traffic for the 5th through 7th. If I delete individual days, that
| works too. If the log is run in its entirety, everything after the 4th is
| ignored.

It may be related to a bug I saw in webalizer at work some months back.
Essentially, there was (is?) a buggy version of Opera out which emitted a
malformed User-Agent string. Something like:

    "Opera (Linux 2.x.x (Linux 2.x.x (Linux 2.x.x (Linux 2.x.x ...."

When webalizer tries to process this it crashes out, as the code which
copies out the User-Agent string uses an unprotected copy which just looks
for the ')' to terminate. By adding some code to stop when the UA buffer
size was reached it all worked again for me. I.e. it's just another buffer
overrun bug, albeit without the security concerns so many others bring with
them.

If you like I can post some diffs when I get to work. Alternately just look
through your logs for very long log lines (which are likely the culprit).

It may also be that some other fields in the log processing are similarly
constructed and that webalizer may be blowing up for similar reasons
elsewhere in the code.

Enno.
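
The copy pattern described in the message above, next to a size-bounded version, as an added example that is not part of the original e-mail and is not webalizer's code. The function names, the UA_MAX buffer size and the sample string are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define UA_MAX 32   /* constructed buffer size for this demo */

/* Pattern described in the message: stop only at ')', never check
 * the destination size. Kept for contrast; never called here. */
void copy_ua_unbounded(char *dst, const char *src)
{
    while (*src != ')')
        *dst++ = *src++;
    *dst = '\0';
}

/* Bounded version: stop at ')', at end of input, or when dst is full.
 * Always NUL-terminates. Returns 1 if the field was cut short. */
int copy_ua_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t i = 0;
    int closed = 0;

    if (dst_size == 0)
        return 1;
    while (i + 1 < dst_size && src[i] != '\0') {
        dst[i] = src[i];
        if (src[i++] == ')') {
            closed = 1;
            break;
        }
    }
    dst[i] = '\0';
    return !(closed || src[i] == '\0');
}

int main(void)
{
    /* Constructed sample in the shape the message describes. */
    const char *bad = "Opera (Linux 2.x.x (Linux 2.x.x (Linux 2.x.x (Linux 2.x.x";
    char ua[UA_MAX];
    int cut = copy_ua_bounded(ua, sizeof ua, bad);

    printf("truncated=%d stored=\"%s\"\n", cut, ua);
    return 0;
}
```

The return value lets the caller count or log truncated fields, which also points at the over-long log lines the message suggests looking for.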