cacti SNMP verbose query PHP error
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cacti |
Fix Released
|
Undecided
|
Unassigned | ||
cacti (Debian) |
Fix Released
|
Unknown
|
|||
cacti (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Lucid |
Fix Released
|
Undecided
|
Unassigned | ||
Natty |
Invalid
|
Undecided
|
Unassigned | ||
Oneiric |
Invalid
|
Undecided
|
Unassigned |
Bug Description
[IMPACT]
* If you try to turn on "SNMP - Interface Statistics" on a host with SNMP facilities turned off, the current behavior of cacti is that it generates a php error instead of catching the empty result. As this behavior is basically strange user behavior, the impact is small, although multiple people report the issue. I don't think this warrants an SRU, but still my patch fixes the issue by testing for empty results (as is intended by the code) and thus allowing the php code to return normally (although still not telling you what went wrong).
[TESTCASE]
* With cacti installed and configured, go to the /cacti/host.php page (via the "devices" link on every cacti page) and select a device (e.g. localhost)
* Make sure that in the SNMP Options section the SNMP Version is set to "Not In Use"
* In the "Associated Data Queries" part, select "SNMP - Interface Statistics" in the "Add data query" drop down selection box and press "Add".
* The next screen is blank.
* In the apache error.log you will find:
PHP Fatal error: Cannot use string offset as an array in /usr/share/
* After the patch the result will be return to the host.php file, but it will show the added "SNMP - Interface Statistics" with "Success [0 Items, 0 Rows]"
[Regression Potential]
* I don't know how adding a check for emptyness of a variable that should not be empty can cause regression. Maybe somebody else can come up with one?
[Other Info]
* As mentioned before, I am not sure this issue warrants a SRU.
* Only lucid (-updates) is effected by this bug, other Ubuntu releases don't experience it.
[original report]
when adding an SNMP - Interface statistics data query, and clicking on the 'verbose list' link, I get a 500 internal error, and the following line in the apache log file:
PHP Fatal error: Cannot use string offset as an array in /usr/share/
this prevents me from having network interface statistics followed by cacti.
additional info:
# lsb_release -rd
Description: Ubuntu 10.04.3 LTS
Release: 10.04
# apt-cache policy cacti
cacti:
Installed: 0.8.7e-2ubuntu0.2
Candidate: 0.8.7e-2ubuntu0.2
Version table:
*** 0.8.7e-2ubuntu0.2 0
500 http://
500 http://
100 /var/lib/
0.8.7e-2 0
500 http://
# apt-cache policy php5
php5:
Installed: 5.3.2-1ubuntu4.11
Candidate: 5.3.2-1ubuntu4.11
Version table:
*** 5.3.2-1ubuntu4.11 0
500 http://
500 http://
100 /var/lib/
5.3.2-1ubuntu4 0
500 http://
Related branches
CVE References
Changed in cacti (Debian): | |
status: | Unknown → Confirmed |
Changed in cacti (Debian): | |
status: | Confirmed → Fix Committed |
Changed in cacti (Debian): | |
status: | Fix Committed → Fix Released |
tags: | added: regression-update |
description: | updated |
Changed in cacti (Ubuntu Lucid): | |
status: | Incomplete → Confirmed |
description: | updated |
description: | updated |
Changed in cacti (Ubuntu Lucid): | |
status: | In Progress → Fix Committed |
Thanks for your work on this. Unfortunately this was already fixed in Ubuntu 12.04.
In Debian the fix landed in 0.8.7b-2.1+lenny5 and Ubuntu precise is already at 0.8.7i-2ubuntu1.
Thanks again!