Increase IPSIZE for IPv6 compatibility.

[aquerubin]

Increase IPSIZE to the larger Socket API (RFC 3493) length for IPv6 compatibility.

[AdriiiPRodri]

Hi @aquerubin ,

thank you very much for your time and advice, we have to assess whether or not we should introduce this change because this may generate that throughout the Wazuh code the memory used by the system could increase greatly.

In any case we will evaluate your proposal, thank you

[aquerubin]

On Wed, 15 May 2019, Adrián Jesús Peña Rodríguez wrote: thank you very much for your time and advice, we have to assess whether or not we should introduce this change because this may generate that throughout the Wazuh code the memory used by the system could increase greatly.

This is just one of several prerequisite IPv6 patches that have already been incorporated into the ossec base code. wazuh is missing a number of IPv6 fixes when it was forked before ossec acquired the full IPv6 functionality it has now. Attacks over IPv6 are on the rise. The downside of not incorporating the missing IPv6 fixes is that wazuh will not be fully functional in dual-stack or even IPv6-only environments and will be blind to certain IPv6 based attacks and exploits. Antonio Querubin e-mail: tony@lavanauts.org

[chemamartinez]

Hi @aquerubin,

Thank you for your contribution, IPv6 compatibility is an important goal for us.

We are going to include these changes into a release project and will be merged ASAP.

Regards.

[aquerubin]

On Mon, 20 May 2019, Chema Martínez wrote: Thank you for your contribution, IPv6 compatibility is an important goal for us. We are going to include these changes into a release project and will be merged ASAP.

Thank you. The PRs submitted so far are the low-hanging fruit of missing IPv6 patches. The other missing patches are a significant refactoring of the base network code. Fortunately, they're already working in OSSEC. I hope to submit additional PRs soon as time permits. Antonio Querubin e-mail: tony@lavanauts.org

[chemamartinez]

Hi again @aquerubin,

I noticed testing the solution a bug in our code that leads to a Segmentation Fault when including your change, here you can see the valgrind report:

==20937== Syscall param socketcall.sendto(msg) points to unaddressable byte(s)
==20937==    at 0x59DFBFB: send (in /usr/lib64/libpthread-2.17.so)
==20937==    by 0x461EF8: OS_SendUnix (os_net.c:490)
==20937==    by 0x40CF77: run_notify (notify.c:142)
==20937==    by 0x4087C1: AgentdStart (agentd.c:187)
==20937==    by 0x409B56: main (main.c:179)
==20937==  Address 0x5fc87d0 is 0 bytes after a block of size 16 alloc'd
==20937==    at 0x4C2B955: calloc (vg_replace_malloc.c:711)
==20937==    by 0x40CEF7: run_notify (notify.c:138)
==20937==    by 0x4087C1: AgentdStart (agentd.c:187)
==20937==    by 0x409B56: main (main.c:179)
==20937==
==20937== Invalid write of size 1
==20937==    at 0x461E51: OS_RecvUnix (os_net.c:470)
==20937==    by 0x40CFCC: run_notify (notify.c:146)
==20937==    by 0x4087C1: AgentdStart (agentd.c:187)
==20937==    by 0x409B56: main (main.c:179)
==20937==  Address 0x5fc87ed is 29 bytes after a block of size 16 in arena "client"

It is caused because agent_ip is allocated with 16 bytes hardcoded here:

wazuh/src/client-agent/notify.c

Line 138 in 993b782

os_calloc(16,sizeof(char),agent_ip);

After that, IPSIZE is used to send and receive that IP:

wazuh/src/client-agent/notify.c

Line 142 in 993b782

if (OS_SendUnix(sock, agent_ip, IPSIZE) < 0) {

This is solved by allocating the correct size for agent_ip:

os_calloc(IPSIZE,sizeof(char),agent_ip);

And increasing the size of label_ip:

wazuh/src/client-agent/notify.c

Line 136 in 993b782

char label_ip[50];

Sorry for the inconveniences, you can include these changes to this PRs. Otherwise, we could do it before merging it.

Best regards,
Chema.

[chemamartinez]

Incompatible with

wazuh/src/client-agent/notify.c

Line 138 in 993b782

os_calloc(16,sizeof(char),agent_ip);

See more detailed description above.

[aquerubin]

Same problem corrected in win_agent.c. Antonio Querubin e-mail: tony@lavanauts.org

[chemamartinez]

Hi @aquerubin,

Thanks for the requested changes. The error disappeared so I approve the PR.

Thank you again for your contributions!

Best regards.