The master agent can crash (on Linux with signal 6 - SIGABRT) when the payload length of the subagent request is too large. This can happen if the master agent and subagent run on a different target, have a different endianness and didn’t set the network byte order.
I didn’t find any specifications for max payload length, so I set it to 0xffff.
I modified “AgentX::receive_agentx”:
    …
    payloadLen = octets.decode_int(pos, netByteOrder);
    // avoid SIGABRT
    if (payloadLen > 0xffff)
    {
        return AGENTX_DISCONNECT;
    }
    u_char* pbuf = new u_char[payloadLen+1];
    …
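
Added example, not part of the original post or of the library's code: a stand-alone header check showing why a length field written big-endian but sent without the NETWORK_BYTE_ORDER flag decodes to a huge value, and how a cap rejects it before any allocation. The header layout, the flag bit (0x10) and the multiple-of-4 rule are taken from RFC 2741; the 0xffff cap is the value chosen in the post; `check_header`, `make_header` and `HeaderResult` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// AgentX header (RFC 2741, 20 octets): version, type, flags, reserved,
// sessionID, transactionID, packetID, payload_length (octets 16..19).
static const size_t   HEADER_LEN         = 20;
static const uint8_t  FLAG_NETWORK_ORDER = 0x10;    // bit 4 of h.flags
static const uint32_t MAX_PAYLOAD        = 0xffff;  // cap chosen in the post, not by the RFC

enum HeaderResult { HEADER_OK, HEADER_SHORT, HEADER_BAD_VERSION, HEADER_BAD_LENGTH };

// Decode a 32-bit field in the byte order announced by the sender.
static uint32_t decode_u32(const uint8_t* p, bool networkOrder) {
    return networkOrder
        ? (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | p[3]
        : (uint32_t(p[3]) << 24) | (uint32_t(p[2]) << 16) | (uint32_t(p[1]) << 8) | p[0];
}

// Hand back a payload length only when it is safe to allocate for it.
HeaderResult check_header(const uint8_t* hdr, size_t len, uint32_t* payloadLen) {
    if (len < HEADER_LEN) return HEADER_SHORT;
    if (hdr[0] != 1) return HEADER_BAD_VERSION;       // h.version is 1 in RFC 2741
    uint32_t n = decode_u32(hdr + 16, (hdr[2] & FLAG_NETWORK_ORDER) != 0);
    // RFC 2741: payload_length is 0 or a multiple of 4.
    if (n > MAX_PAYLOAD || n % 4 != 0) return HEADER_BAD_LENGTH;
    *payloadLen = n;
    return HEADER_OK;
}

// Constructed test input: header whose length field is written big-endian or
// little-endian, with the NETWORK_BYTE_ORDER flag set or cleared independently.
void make_header(uint8_t out[20], bool bigEndianLength, bool setFlag, uint32_t n) {
    for (size_t i = 0; i < HEADER_LEN; ++i) out[i] = 0;
    out[0] = 1;                                       // h.version
    out[1] = 1;                                       // h.type: agentx-Open-PDU
    out[2] = setFlag ? FLAG_NETWORK_ORDER : 0;
    for (int i = 0; i < 4; ++i) {
        uint8_t b = uint8_t(n >> (8 * i));            // byte i, least significant first
        out[16 + (bigEndianLength ? 3 - i : i)] = b;
    }
}

int main() {
    uint8_t h[20]; uint32_t n = 0;
    make_header(h, true, false, 64);                  // big-endian sender, flag not set
    HeaderResult r = check_header(h, sizeof h, &n);   // 64 is read as 0x40000000
    std::printf("mismatched header -> result %d\n", int(r));
}
```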