authorRainer Gerhards <rgerhards@adiscon.com>2010-02-22 09:31:10 +0100
committerRainer Gerhards <rgerhards@adiscon.com>2010-02-22 09:31:10 +0100
commitc577e9c64cec0eebf6b7c3bd964354ab90c045ae (patch)
tree1899b41ccc57b88542e7c9e7a6891cccffdcb721
parentf764f24baa542796776e76bb5f22fdf9d7e32f5e (diff)
bugfix: message without MSG part could case a segfault
[backported from v5 commit 98d1ed504ec001728955a5bcd7916f64cd85f39f] This actually was a "recent" regression, but I did not realize that it was introduced by the performance optimization in v4-devel. Shame on me for having two devel versions at the same time...
-rw-r--r--ChangeLog5
-rw-r--r--runtime/msg.c15
-rw-r--r--tests/Makefile.am1
-rw-r--r--tests/testsuites/oversizeTag-1.parse15
-rw-r--r--tests/testsuites/weird.parse15
-rw-r--r--tools/syslogd.c6
6 files changed, 27 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog
index e9f7214f..d84a0d1c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+- bugfix: message without MSG part could case a segfault
+ [backported from v5 commit 98d1ed504ec001728955a5bcd7916f64cd85f39f]
+ This actually was a "recent" regression, but I did not realize that it
+ was introduced by the performance optimization in v4-devel. Shame on
+ me for having two devel versions at the same time...
---------------------------------------------------------------------------
Version 4.5.8 [v4-beta] (rgerhards), 2010-02-10
- enhanced doc for using PostgreSQL
diff --git a/runtime/msg.c b/runtime/msg.c
index 8e3ad314..70207075 100644
--- a/runtime/msg.c
+++ b/runtime/msg.c
@@ -1171,7 +1171,7 @@ uchar *getMSG(msg_t *pM)
if(pM == NULL)
ret = UCHAR_CONSTANT("");
else {
- if(pM->offMSG == -1)
+ if(pM->iLenMSG == 0)
ret = UCHAR_CONSTANT("");
else
ret = pM->pszRawMsg + pM->offMSG;
@@ -1947,12 +1947,20 @@ void MsgSetHOSTNAME(msg_t *pThis, uchar* pszHOSTNAME, int lenHOSTNAME)
/* set the offset of the MSG part into the raw msg buffer
+ * Note that the offset may be higher than the length of the raw message
+ * (exactly by one). This can happen if we have a message that does not
+ * contain any MSG part.
*/
void MsgSetMSGoffs(msg_t *pMsg, short offs)
{
ISOBJ_TYPE_assert(pMsg, msg);
- pMsg->iLenMSG = pMsg->iLenRawMsg - offs;
pMsg->offMSG = offs;
+ if(offs > pMsg->iLenRawMsg) {
+ assert(offs - 1 == pMsg->iLenRawMsg);
+ pMsg->iLenMSG = 0;
+ } else {
+ pMsg->iLenMSG = pMsg->iLenRawMsg - offs;
+ }
}
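Review bot: The "at most one past the end" rule in MsgSetMSGoffs is enforced only by `assert(offs - 1 == pMsg->iLenRawMsg)`, which disappears when NDEBUG is defined, so a release build stores any larger `offs` into `offMSG` unchecked. The parameter is a `short`, and a negative `offs` takes the else branch and yields an `iLenMSG` larger than `iLenRawMsg`. Because `offMSG` later feeds pointer arithmetic in getMSG and MsgReplaceMSG, a run-time check is safer than the assert, for example `if(offs < 0 || offs > pMsg->iLenRawMsg + 1) { pMsg->offMSG = pMsg->iLenRawMsg; pMsg->iLenMSG = 0; return; }` placed before the assignment. Whether any caller can actually pass such a value is not visible in this hunk, so treat this as hardening of the parser's invariant rather than a confirmed fault.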
@@ -1986,7 +1994,8 @@ rsRetVal MsgReplaceMSG(msg_t *pThis, uchar* pszMSG, int lenMSG)
pThis->pszRawMsg = bufNew;
}
- memcpy(pThis->pszRawMsg + pThis->offMSG, pszMSG, lenMSG);
+ if(lenMSG > 0)
+ memcpy(pThis->pszRawMsg + pThis->offMSG, pszMSG, lenMSG);
pThis->pszRawMsg[lenNew] = '\0'; /* this also works with truncation! */
pThis->iLenRawMsg = lenNew;
pThis->iLenMSG = lenMSG;
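Review bot: The memcpy guarded by the new `if(lenMSG > 0)` still starts at `pThis->offMSG`, which MsgSetMSGoffs now documents as possibly one past `iLenRawMsg`. With a non-empty replacement the copy would then begin behind the old terminator, and the `'\0'` written at `lenNew` could land on the last copied byte. `lenNew` and the buffer allocation are computed above this hunk, so this needs confirming there. If it holds, adding `if(pThis->offMSG > pThis->iLenRawMsg) pThis->offMSG = pThis->iLenRawMsg;` before `lenNew` is computed would close it. A negative `lenMSG` also skips the copy but is still stored into `iLenMSG`, so `if(lenMSG < 0) lenMSG = 0;` or a documented precondition would help, and the new `if` body should be braced.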
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 7adebfac..7cc25e41 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -79,6 +79,7 @@ EXTRA_DIST= 1.rstest 2.rstest 3.rstest err1.rstest \
testsuites/2.parse1 \
testsuites/3.parse1 \
testsuites/oversizeTag-1.parse1 \
+ testsuites/weird.parse1 \
testsuites/date1.parse1 \
testsuites/date2.parse1 \
testsuites/date3.parse1 \
diff --git a/tests/testsuites/oversizeTag-1.parse1 b/tests/testsuites/oversizeTag-1.parse1
index 56510c63..d45ba1f2 100644
--- a/tests/testsuites/oversizeTag-1.parse1
+++ b/tests/testsuites/oversizeTag-1.parse1
@@ -1,3 +1,2 @@
-<38>Mar 27 19:06:53 source_server 0123456780123456780123456780123456789: MSG part
-38,auth,info,Mar 27 19:06:53,source_server,0123456780123456780123456780123456789,0123456780123456780123456780123456789:, MSG part
-# yet another real-life sample where we had some issues with
+<38>Mar 27 19:06:53 source_server 0123456789012345678901234567890123456789: MSG part
+38,auth,info,Mar 27 19:06:53,source_server,0123456789012345678901234567890123456789,0123456789012345678901234567890123456789:, MSG part
diff --git a/tests/testsuites/weird.parse1 b/tests/testsuites/weird.parse1
new file mode 100644
index 00000000..bc898fd4
--- /dev/null
+++ b/tests/testsuites/weird.parse1
@@ -0,0 +1,5 @@
+# some really weird samples, some of them seen in practice,
+# some other deliberately generated. The main point is that they
+# should not cause an abort...
+<14>Aug 30 23:00:05 X4711 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+14,user,info,Aug 30 23:00:05,X4711,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
diff --git a/tools/syslogd.c b/tools/syslogd.c
index db1e9428..3e6d51d3 100644
--- a/tools/syslogd.c
+++ b/tools/syslogd.c
@@ -1198,8 +1198,6 @@ int parseLegacySyslogMsg(msg_t *pMsg, int flags)
assert(pMsg != NULL);
assert(pMsg->pszRawMsg != NULL);
lenMsg = pMsg->iLenRawMsg - (pMsg->offAfterPRI + 1);
-RUNLOG_VAR("%d", pMsg->offAfterPRI);
-RUNLOG_VAR("%d", lenMsg);
p2parse = pMsg->pszRawMsg + pMsg->offAfterPRI; /* point to start of text, after PRI */
/* Check to see if msg contains a timestamp. We start by assuming
@@ -1255,16 +1253,16 @@ RUNLOG_VAR("%d", lenMsg);
bTAGCharDetected = 0;
if(lenMsg > 0 && flags & PARSE_HOSTNAME) {
i = 0;
- while(lenMsg > 0 && (isalnum(p2parse[i]) || p2parse[i] == '.' || p2parse[i] == '.'
+ while(i < lenMsg && (isalnum(p2parse[i]) || p2parse[i] == '.' || p2parse[i] == '.'
|| p2parse[i] == '_' || p2parse[i] == '-') && i < CONF_TAG_MAXSIZE) {
bufParseHOSTNAME[i] = p2parse[i];
++i;
- --lenMsg;
}
if(i > 0 && p2parse[i] == ' ' && isalnum(p2parse[i-1])) {
/* we got a hostname! */
p2parse += i + 1; /* "eat" it (including SP delimiter) */
+ lenMsg -= i + 1;
bufParseHOSTNAME[i] = '\0';
MsgSetHOSTNAME(pMsg, bufParseHOSTNAME, i);
}
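Review bot: The check after the hostname loop still reads `p2parse[i]` when the loop stopped because `i` reached `lenMsg`, so it looks one position past the bytes the loop was allowed to examine. Adding the bound makes this independent of how the raw buffer is terminated: `if(i > 0 && i < lenMsg && p2parse[i] == ' ' && isalnum(p2parse[i-1])) {`. The loop is also capped by `CONF_TAG_MAXSIZE` while it fills `bufParseHOSTNAME`, and `bufParseHOSTNAME[i] = '\0'` can then write at index `CONF_TAG_MAXSIZE`. The buffer's declaration is outside this hunk, so confirm it has room for that extra byte. The condition tests `p2parse[i] == '.'` twice on both the old and new side, so one of the two was presumably meant to be a different character. The enclosing function begins and ends outside the hunk.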