Indicate project
libsysflow
Describe the bug
Long command line is truncated and sometimes filled with garbage bytes at the end.
To reproduce
Steps to reproduce the behavior:
- Start the sf-collector callback example
- Run the following command (it is a typical command executed after upgrade of ubuntu 22):
/usr/bin/grep -l reboot-required /var/lib/dpkg/info/adduser.postinst /var/lib/dpkg/info/ksh93u+m.postinst /var/lib/dpkg/info/perl-base.postinst /var/lib/dpkg/info/python3-service-identity.postinst /var/lib/dpkg/info/amd64-microcode.postinst /var/lib/dpkg/info/landscape-common.postinst /var/lib/dpkg/info/perl.postinst /var/lib/dpkg/info/python3-setuptools.postinst /var/lib/dpkg/info/apparmor.postinst /var/lib/dpkg/info/less.postinst /var/lib/dpkg/info/pinentry-curses.postinst /var/lib/dpkg/info/python3-six.postinst /var/lib/dpkg/info/apt.postinst /var/lib/dpkg/info/libc6:amd64.postinst /var/lib/dpkg/info/pkexec.postinst /var/lib/dpkg/info/python3-software-properties.postinst /var/lib/dpkg/info/autofs.postinst /var/lib/dpkg/info/libc-bin.postinst /var/lib/dpkg/info/plymouth.postinst /var/lib/dpkg/info/python3-systemd.postinst /var/lib/dpkg/info/base-files.postinst /var/lib/dpkg/info/libdebuginfod-common.postinst /var/lib/dpkg/info/plymouth-theme-ubuntu-text.postinst /var/lib/dpkg/info/python3-twisted.postinst /var/lib/dpkg/info/base-passwd.postinst /var/lib/dpkg/info/libglib2.0-0:amd64.postinst /var/lib/dpkg/info/policykit-1.postinst /var/lib/dpkg/info/python3-update-manager.postinst /var/lib/dpkg/info/bash-completion.postinst /var/lib/dpkg/info/libgssapi-krb5-2:amd64.postinst /var/lib/dpkg/info/polkitd.postinst /var/lib/dpkg/info/python3-wadllib.postinst /var/lib/dpkg/info/bash.postinst /var/lib/dpkg/info/libgstreamer1.0-0:amd64.postinst /var/lib/dpkg/info/pollinate.postinst /var/lib/dpkg/info/python3-xkit.postinst /var/lib/dpkg/info/bc.postinst /var/lib/dpkg/info/libnewt0.52:amd64.postinst /var/lib/dpkg/info/procps.postinst /var/lib/dpkg/info/python3-yaml.postinst /var/lib/dpkg/info/bolt.postinst /var/lib/dpkg/info/libnss-systemd:amd64.postinst /var/lib/dpkg/info/psmisc.postinst /var/lib/dpkg/info/python3-zipp.postinst /var/lib/dpkg/info/bsdextrautils.postinst /var/lib/dpkg/info/libpam0g:amd64.postinst /var/lib/dpkg/info/python3.10-minimal.postinst /var/lib/dpkg/info/python3-zope.interface.postinst /var/lib/dpkg/info/byobu.postinst /var/lib/dpkg/info/libpam-cap:amd64.postinst /var/lib/dpkg/info/python3.10.postinst /var/lib/dpkg/info/readline-common.postinst /var/lib/dpkg/info/ca-certificates.postinst /var/lib/dpkg/info/libpam-modules:amd64.postinst /var/lib/dpkg/info/python3-apport.postinst /var/lib/dpkg/info/rsync.postinst /var/lib/dpkg/info/cloud-initramfs-copymods.postinst /var/lib/dpkg/info/libpam-pwquality:amd64.postinst /var/lib/dpkg/info/python3-apt.postinst /var/lib/dpkg/info/rsyslog.postinst /var/lib/dpkg/info/cloud-initramfs-dyn-netconf.postinst /var/lib/dpkg/info/libpam-runtime.postinst /var/lib/dpkg/info/python3-attr.postinst /var/lib/dpkg/info/screen.postinst /var/lib/dpkg/info/console-setup-linux.postinst /var/lib/dpkg/info/libpam-systemd:amd64.postinst /var/lib/dpkg/info/python3-automat.postinst /var/lib/dpkg/info/secureboot-db.postinst /var/lib/dpkg/info/console-setup.postinst /var/lib/dpkg/info/libpython3.10-minimal:amd64.postinst /var/lib/dpkg/info/python3-bcrypt.postinst /var/lib/dpkg/info/sg3-utils-udev.postinst /var/lib/dpkg/info/coreutils.postinst /var/lib/dpkg/info/libsasl2-modules:amd64.postinst /var/lib/dpkg/info/python3-blinker.postinst /var/lib/dpkg/info/shared-mime-info.postinst /var/lib/dpkg/info/cpio.postinst /var/lib/dpkg/info/libssl3:amd64.postinst /var/lib/dpkg/info/python3-chardet.postinst /var/lib/dpkg/info/snapd.postinst /var/lib/dpkg/info/cracklib-runtime.postinst /var/lib/dpkg/info/libwrap0:amd64.postinst /var/lib/dpkg/info/python3-click.postinst /var/lib/dpkg/info/sntp.postinst /var/lib/dpkg/info/cron.postinst /var/lib/dpkg/info/linux-base.postinst /var/lib/dpkg/info/python3-colorama.postinst /var/lib/dpkg/info/software-properties-common.postinst /var/lib/dpkg/info/cryptsetup-bin.postinst /var/lib/dpkg/info/linux-firmware.postinst /var/lib/dpkg/info/python3-commandnotfound.postinst /var/lib/dpkg/info/sosreport.postinst /var/lib/dpkg/info/cryptsetup-initramfs.postinst /var/lib/dpkg/info/linux-headers-5.15.0-106-generic.postinst /var/lib/dpkg/info/python3-configobj.postinst /var/lib/dpkg/info/ssh-import-id.postinst /var/lib/dpkg/info/cryptsetup.postinst /var/lib/dpkg/info/linux-headers-5.15.0-97-generic.postinst /var/lib/dpkg/info/python3-constantly.postinst /var/lib/dpkg/info/sudo.postinst /var/lib/dpkg/info/dash.postinst /var/lib/dpkg/info/linux-image-5.15.0-106-generic.postinst /var/lib/dpkg/info/python3-cryptography.postinst /var/lib/dpkg/info/sysstat.postinst /var/lib/dpkg/info/dbus.postinst /var/lib/dpkg/info/linux-image-5.15.0-97-generic.postinst /var/lib/dpkg/info/python3-dbus.postinst /var/lib/dpkg/info/systemd-hwe-hwdb.postinst /var/lib/dpkg/info/debconf.postinst /var/lib/dpkg/info/linux-modules-5.15.0-106-generic.postinst /var/lib/dpkg/info/python3-debconf.postinst /var/lib/dpkg/info/systemd.postinst /var/lib/dpkg/info/debianutils.postinst /var/lib/dpkg/info/linux-modules-5.15.0-97-generic.postinst /var/lib/dpkg/info/python3-debian.postinst /var/lib/dpkg/info/systemd-sysv.postinst /var/lib/dpkg/info/dirmngr.postinst /var/lib/dpkg/info/linux-modules-extra-5.15.0-106-generic.postinst /var/lib/dpkg/info/python3-distro-info.postinst /var/lib/dpkg/info/tar.postinst /var/lib/dpkg/info/dmeventd.postinst /var/lib/dpkg/info/linux-modules-extra-5.15.0-97-generic.postinst /var/lib/dpkg/info/python3-distro.postinst /var/lib/dpkg/info/tcl8.6.postinst /var/lib/dpkg/info/dmsetup.postinst /var/lib/dpkg/info/locales.postinst /var/lib/dpkg/info/python3-distupgrade.postinst /var/lib/dpkg/info/tcpdump.postinst /var/lib/dpkg/info/dpkg.postinst /var/lib/dpkg/info/login.postinst /var/lib/dpkg/info/python3-distutils.postinst /var/lib/dpkg/info/thermald.postinst /var/lib/dpkg/info/e2fsprogs.postinst /var/lib/dpkg/info/logrotate.postinst /var/lib/dpkg/info/python3-gi.postinst /var/lib/dpkg/info/tmux.postinst /var/lib/dpkg/info/ed.postinst /var/lib/dpkg/info/lsb-base.postinst /var/lib/dpkg/info/python3-hamcrest.postinst /var/lib/dpkg/info/tnftp.postinst /var/lib/dpkg/info/falcon-sensor.postinst /var/lib/dpkg/info/lsb-release.postinst /var/lib/dpkg/info/python3-httplib2.postinst /var/lib/dpkg/info/tpm-udev.postinst /var/lib/dpkg/info/finalrd.postinst /var/lib/dpkg/info/lvm2.postinst /var/lib/dpkg/info/python3-hyperlink.postinst /var/lib/dpkg/info/tzdata.postinst /var/lib/dpkg/info/friendly-recovery.postinst /var/lib/dpkg/info/lxd-agent-loader.postinst /var/lib/dpkg/info/python3-idna.postinst /var/lib/dpkg/info/ubuntu-advantage-tools.postinst /var/lib/dpkg/info/fuse3.postinst /var/lib/dpkg/info/man-db.postinst /var/lib/dpkg/info/python3-importlib-metadata.postinst /var/lib/dpkg/info/ubuntu-drivers-common.postinst /var/lib/dpkg/info/fwupd.postinst /var/lib/dpkg/info/mawk.postinst /var/lib/dpkg/info/python3-incremental.postinst /var/lib/dpkg/info/ubuntu-keyring.postinst /var/lib/dpkg/info/gawk.postinst /var/lib/dpkg/info/mdadm.postinst /var/lib/dpkg/info/python3-jeepney.postinst /var/lib/dpkg/info/ubuntu-release-upgrader-core.postinst /var/lib/dpkg/info/git.postinst /var/lib/dpkg/info/modemmanager.postinst /var/lib/dpkg/info/python3-jwt.postinst /var/lib/dpkg/info/ucf.postinst /var/lib/dpkg/info/gpg-agent.postinst /var/lib/dpkg/info/motd-news-config.postinst /var/lib/dpkg/info/python3-keyring.postinst /var/lib/dpkg/info/udev.postinst /var/lib/dpkg/info/grub-common.postinst /var/lib/dpkg/info/mtr-tiny.postinst /var/lib/dpkg/info/python3-launchpadlib.postinst /var/lib/dpkg/info/udisks2.postinst /var/lib/dpkg/info/grub-gfxpayload-lists.postinst /var/lib/dpkg/info/multipath-tools.postinst /var/lib/dpkg/info/python3-lazr.restfulclient.postinst /var/lib/dpkg/info/ufw.postinst /var/lib/dpkg/info/grub-pc.postinst /var/lib/dpkg/info/nano.postinst /var/lib/dpkg/info/python3-lazr.uri.postinst /var/lib/dpkg/info/unattended-upgrades.postinst /var/lib/dpkg/info/hdparm.postinst /var/lib/dpkg/info/needrestart.postinst /var/lib/dpkg/info/python3-lib2to3.postinst /var/lib/dpkg/info/update-notifier-common.postinst /var/lib/dpkg/info/ifupdown.postinst /var/lib/dpkg/info/netbase.postinst /var/lib/dpkg/info/python3-magic.postinst /var/lib/dpkg/info/upower.postinst /var/lib/dpkg/info/info.postinst /var/lib/dpkg/info/netcat-openbsd.postinst /var/lib/dpkg/info/python3-minimal.postinst /var/lib/dpkg/info/usb-modeswitch.postinst /var/lib/dpkg/info/initramfs-tools-core.postinst /var/lib/dpkg/info/networkd-dispatcher.postinst /var/lib/dpkg/info/python3-more-itertools.postinst /var/lib/dpkg/info/usbmuxd.postinst /var/lib/dpkg/info/initramfs-tools.postinst /var/lib/dpkg/info/nftables.postinst /var/lib/dpkg/info/python3-newt:amd64.postinst /var/lib/dpkg/info/usrmerge.postinst /var/lib/dpkg/info/install-info.postinst /var/lib/dpkg/info/ntfs-3g.postinst /var/lib/dpkg/info/python3-oauthlib.postinst /var/lib/dpkg/info/util-linux.postinst /var/lib/dpkg/info/intel-microcode.postinst /var/lib/dpkg/info/ntpdate.postinst /var/lib/dpkg/info/python3-openssl.postinst /var/lib/dpkg/info/uuid-runtime.postinst /var/lib/dpkg/info/iproute2.postinst /var/lib/dpkg/info/ntp.postinst /var/lib/dpkg/info/python3-pexpect.postinst /var/lib/dpkg/info/vim-common.postinst /var/lib/dpkg/info/iptables.postinst /var/lib/dpkg/info/open-iscsi.postinst /var/lib/dpkg/info/python3-pkg-resources.postinst /var/lib/dpkg/info/vim.postinst /var/lib/dpkg/info/iputils-ping.postinst /var/lib/dpkg/info/openssh-client.postinst /var/lib/dpkg/info/python3.postinst /var/lib/dpkg/info/vim-runtime.postinst /var/lib/dpkg/info/irqbalance.postinst /var/lib/dpkg/info/openssh-server.postinst /var/lib/dpkg/info/python3-problem-report.postinst /var/lib/dpkg/info/vim-tiny.postinst /var/lib/dpkg/info/isc-dhcp-client.postinst /var/lib/dpkg/info/openssl.postinst /var/lib/dpkg/info/python3-ptyprocess.postinst /var/lib/dpkg/info/wamerican.postinst /var/lib/dpkg/info/kbd.postinst /var/lib/dpkg/info/open-vm-tools.postinst /var/lib/dpkg/info/python3-pyasn1-modules.postinst /var/lib/dpkg/info/xdg-user-dirs.postinst /var/lib/dpkg/info/keeperx.postinst /var/lib/dpkg/info/overlayroot.postinst /var/lib/dpkg/info/python3-pyasn1.postinst /var/lib/dpkg/info/xfsprogs.postinst /var/lib/dpkg/info/keyboard-configuration.postinst /var/lib/dpkg/info/packagekit.postinst /var/lib/dpkg/info/python3-pyparsing.postinst /var/lib/dpkg/info/xz-utils.postinst /var/lib/dpkg/info/klibc-utils.postinst /var/lib/dpkg/info/passwd.postinst /var/lib/dpkg/info/python3-secretstorage.postinst /var/lib/dpkg/info/kmod.postinst /var/lib/dpkg/info/pciutils.postinst /var/lib/dpkg/info/python3-serial.postinst
- Observe the log
The callback example seems to truncate the command line, but seems not affected by the garbage ending bytes.
Example of random bytes found in the exeArgs string from sysflow callback when integrating libsysflow (observe the end):
-l reboot-required /var/lib/dpkg/info/adduser.postinst /var/lib/dpkg/info/ksh93u+m.postinst /var/lib/dpkg/info/perl-base.postinst /var/lib/dpkg/info/python3-service-identity.postinst /var/lib/dpkg/info/amd64-microcode.postinst /var/lib/dpkg/info/landscape-common.postinst /var/lib/dpkg/info/perl.postinst /var/lib/dpkg/info/python3-setuptools.postinst /var/lib/dpkg/info/apparmor.postinst /var/lib/dpkg/info/less.postinst /var/lib/dpkg/info/pinentry-curses.postinst /var/lib/dpkg/info/python3-six.postinst /var/lib/dpkg/info/apt.postinst /var/lib/dpkg/info/libc6:amd64.postinst /var/lib/dpkg/info/pkexec.postinst /var/lib/dpkg/info/python3-software-properties.postinst /var/lib/dpkg/info/autofs.postinst /var/lib/dpkg/info/libc-bin.postinst /var/lib/dpkg/info/plymouth.postinst /var/lib/dpkg/info/python3-systemd.postinst /var/lib/dpkg/info/base-files.postinst /var/lib/dpkg/info/libdebuginfod-common.postinst /var/lib/dpkg/info/plymouth-theme-ubuntu-text.postinst /var/lib/dpkg/info/python3-twisted.postinst /var/lib/dpkg/info/base-passwd.postinst /var/lib/dpkg/info/libglib2.0-0:amd64.postinst /var/lib/dpkg/info/policykit-1.postinst /var/lib/dpkg/info/python3-update-manager.postinst /var/lib/dpkg/info/bash-completion.postinst /var/lib/dpkg/info/libgssapi-krb5-2:amd64.postinst /var/lib/dpkg/info/polkitd.postinst /var/lib/dpkg/info/python3-wadllib.postinst /var/lib/dpkg/info/bash.postinst /var/lib/dpkg/info/libgstreamer1.0-0:amd64.postinst /var/lib/dpkg/info/pollinate.postinst /var/lib/dpkg/info/python3-xkit.postinst /var/lib/dpkg/info/bc.postinst /var/lib/dpkg/info/libnewt0.52:amd64.postinst /var/lib/dpkg/info/procps.postinst /var/lib/dpkg/info/python3-yaml.postinst /var/lib/dpkg/info/bolt.postinst /var/lib/dpkg/info/libnss-systemd:amd64.postinst /var/lib/dpkg/info/psmisc.postinst /var/lib/dpkg/info/python3-zipp.postinst /var/lib/dpkg/info/bsdextrautils.postinst /var/lib/dpkg/info/libpam0g:amd64.postinst /var/lib/dpkg/info/python3.10-minimal.postinst /var/lib/dpkg/info/python3-zope.interface.postinst /var/lib/dpkg/info/byobu.postinst /var/lib/dpkg/info/libpam-cap:amd64.postinst /var/lib/dpkg/info/python3.10.postinst /var/lib/dpkg/info/readline-common.postinst /var/lib/dpkg/info/ca-certificates.postinst /var/lib/dpkg/info/libpam-modules:amd64.postinst /var/lib/d4-
Expected behavior
The command line is reported correctly, even truncated but without garbage bytes at the end.
Environment (please complete the following information):
- OS: ubuntu 22.04,
Linux ubuntu2204.localdomain 5.15.0-69-generic #76-Ubuntu SMP Fri Mar 17 17:19:29 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
- SysFlow version: libsysflow 0.6.3 (
/root/.falco/6.0.1+driver/x86_64/falco_ubuntu-generic_5.15.0-69-generic_76.o)
Additional context
The problem causes sporadic program crashes when the string is decoded since sometimes the garbage bytes are not valid UTF-8 codes.
Jun 10 16:15:53 ubuntu2204.localdomain test[12486]: terminate called after throwing an instance of 'nlohmann::json_abi_v3_11_2::detail::type_error'
Jun 10 16:15:53 ubuntu2204.localdomain test[12486]: what(): [json.exception.type_error.316] invalid UTF-8 byte at index 2300: 0x30
Indicate project
libsysflow
Describe the bug
Long command line is truncated and sometimes filled with garbage bytes at the end.
To reproduce
Steps to reproduce the behavior:
The callback example seems to truncate the command line, but seems not affected by the garbage ending bytes.
Example of random bytes found in the
exeArgsstring from sysflow callback when integrating libsysflow (observe the end):Expected behavior
The command line is reported correctly, even truncated but without garbage bytes at the end.
Environment (please complete the following information):
Linux ubuntu2204.localdomain 5.15.0-69-generic #76-Ubuntu SMP Fri Mar 17 17:19:29 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux/root/.falco/6.0.1+driver/x86_64/falco_ubuntu-generic_5.15.0-69-generic_76.o)Additional context
The problem causes sporadic program crashes when the string is decoded since sometimes the garbage bytes are not valid UTF-8 codes.