Bug 2075807 - crash when using "cmx" command with no additional parameter
Summary: crash when using "cmx" command with no additional parameter
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: sblim-wbemcli
Version: 8.5
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Vitezslav Crhonek
QA Contact: Evgeny Fedin
Šárka Jana
Depends On:
TreeView+ depends on / blocked
Reported: 2022-04-15 12:45 UTC by Renaud Métrich
Modified: 2022-11-08 10:46 UTC (History)
3 users (show)

Fixed In Version: sblim-wbemcli-1.6.3-16.el8
Doc Type: Bug Fix
Doc Text:
.The `cmx` operation with no parameter no longer crashes the CIM Client The `cmx` operation calls a method and returns XML, a parameter specifies the name of the called method. Previously, the command line `sblim-wbemcli` Common Information Model (CIM) Client crashed when running the `cmx` operation without an additional parameter. With this update, the `cmx` operation requires the parameter that defines the name of the called method. Invoking the `cmx` operation without this parameter results in an error message, and the CIM Client no longer crashes.
Clone Of:
: 2083577 (view as bug list)
Last Closed: 2022-11-08 09:47:17 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-119057 0 None None None 2022-04-15 12:48:11 UTC
Red Hat Product Errata RHBA-2022:7596 0 None None None 2022-11-08 09:47:19 UTC

Description Renaud Métrich 2022-04-15 12:45:29 UTC
Description of problem:

When executing "cmx" command with no additional parameter, the command crashes, e.g.:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
# /usr/bin/wbemcli cmx 'http://localhost/root/cimv2:Linux_zChannelMetric'
Segmentation fault (core dumped)
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

This is due to not verifying "xtraStr" value before parsing it:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
# gdb $(which wbemcli) core
Core was generated by `/usr/bin/wbemcli cmx http://localhost/root/cimv2:Linux_zChannelMetric'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  strchr () at ../sysdeps/s390/strchr-vx.S:45
45		vlbb	%v16,0(%r2),6	/* Load s until next 4k-byte boundary.  */
(gdb) bt
#0  strchr () at ../sysdeps/s390/strchr-vx.S:45
#1  0x000002aa03a85d4c in strchr (__c=46, __s=0x0) at /usr/include/string.h:214
#2  main (argc=<optimized out>, argv=<optimized out>) at main.cpp:590
(gdb) f 2
#2  main (argc=<optimized out>, argv=<optimized out>) at main.cpp:590
590	         if ((params = strchr(xtraStr, '.')))
(gdb) p xtraStr
$1 = 0x0
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

"xtraStr" is initialized with this:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
119 int main (int argc, char *argv[]) {
120    int pos, retval = 0;
121    char *cmd, *params, *endptr, *opStr=NULL,*urlStr=NULL,*xtraStr=NULL;
217             if (n==0) opStr=*argv;
218             else if (n==1) urlStr=strdup(*argv);
219             else if (n==2) xtraStr=*argv;
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

Here above, we don't iterate "n" initially through setting "opStr" (line 217), then "urlStr" (line 218) but we never set "xtraStr" because there is no more argument.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Execute the command

  # /usr/bin/wbemcli cmx 'http://localhost/root/cimv2:CIM_Service'

Actual results:

Core dump

Expected results:

No core dump

Comment 1 Vitezslav Crhonek 2022-05-02 08:01:26 UTC
Thanks, reproduced.

Comment 14 errata-xmlrpc 2022-11-08 09:47:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (sblim-wbemcli bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.