Open jrossi opened 10 years ago
ArikMaor, Thank you for reporting this bug, along with steps to reproduce. This is really helpful.
Note: This comment has been automatically migrated from Bitbucket Created by ossec on 2013-10-06 13:02:53+00:00
I checked out the code and I believe I found a way to handle it I'd love to hear your opinion
add this code in line 109 in create_db.c:
#!c
#ifdef WIN32
/* Directory links are not supported */
if (GetFileAttributes(file_name) & FILE_ATTRIBUTE_REPARSE_POINT) {
merror("%s: WARN: Links are not supported: '%s'", ARGV0, file_name);
return(-1);
}
#endif
it's inside "if(S_ISDIR(statbuf.st_mode))"
Note: This comment has been automatically migrated from Bitbucket Created by ArikMaor on 2013-10-06 16:44:44+00:00
When the ossec agent service on windows runs a syscheck scan, if there is a symbolic link that points to the same directory or a directory above it, and inifinite loop happens until the agent crashes with no error is the log and no helpful log information
reproducing:
reproducing 2 (a more 'real' use-case): add 'c:/users' to the config since 'c:\Users\Administrator\AppData\Local\Application Data' is a symbolic link to 'c:\Users\Administrator\AppData\Local' ossec will fail during the scan in the same way
Note: This issue has been automatically migrated from Bitbucket Created by ArikMaor on 2013-10-06 11:57:20+00:00, last updated: 2013-10-29 01:52:48+00:00