Bug 483782

Summary: webalizer segfaults on certain access_log lines
Product: Red Hat Enterprise Linux 5 Reporter: Thomas J. Baker <tjb>
Component: webalizerAssignee: Joe Orton <jorton>
Status: CLOSED CURRENTRELEASE QA Contact: qe-baseos-daemons
Severity: medium Docs Contact:
Priority: low    
Version: 5.3CC: jkaluza
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-01-23 11:48:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
tgz of a directory containg access_log and webalizer.conf file none

Description Thomas J. Baker 2009-02-03 16:12:03 UTC 
Webalizer was segfaulting. Turns out it was segfaulting on access_log lines like these:


66.249.67.203 - - [29/Jan/2009:09:34:35 -0500] "GET /~mwl+blu HTTP/1.1" 301 326 "-" "Nokia6820/2.0 (4.83) Profile/MIDP-1.0 Configuration/CLDC-1.0 (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)"
66.249.67.203 - - [29/Jan/2009:09:34:37 -0500] "GET /~mwl+blu HTTP/1.1" 200 18817
66.249.67.203 - - [29/Jan/2009:09:34:38 -0500] "GET /~mwl+gnupg HTTP/1.1" 301 328 "-" "Nokia6820/2.0 (4.83) Profile/MIDP-1.0 Configuration/CLDC-1.0 (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)"
66.249.67.203 - - [29/Jan/2009:09:34:40 -0500] "GET /~mwl+gnupg HTTP/1.1" 200 18855

The currently provided version is webalizer-2.01_10-30.1.i386. Hand compiling the latest version 2.21-02 fixed the segfaults.

I can provide real data files if necessary.
Comment 1 Joe Orton 2009-02-03 16:47:44 UTC 
Yes, if you could provide a complete data file which triggers this, that would be great, thanks.
Comment 2 Thomas J. Baker 2009-02-03 21:44:06 UTC 
Created attachment 330783 [details]
tgz of a directory containg access_log and webalizer.conf file

If you untar this, cd to webalizer_segfault, and run 'webalizer -c webalizer.conf', it should segfault due to the contents of access_log.
Comment 3 Joe Orton 2009-02-04 20:57:04 UTC 
Yup, I can reproduce that, thanks a lot.
Comment 4 Jan Kaluža 2013-01-23 11:48:21 UTC 
This is fixed in webalizer in RHEL6. It's unlikely this bug will be fixed in RHEL5, so I'm closing it as CLOSED CURRENTRELEASE.