diff options
| author | Rainer Gerhards <rgerhards@adiscon.com> | 2009-10-09 14:48:25 +0200 |
|---|---|---|
| committer | Rainer Gerhards <rgerhards@adiscon.com> | 2009-10-09 14:48:25 +0200 |
| commit | 3ed4b2cd3ebaf6f4c377ba2e03ef52c2e8a985b6 (patch) | |
| tree | 8b76bc61e81809659f8b4eabfd9f8f6d2381b06f | |
| parent | ec56b763b83677d1e9cd02a7ae610caf62e902bb (diff) | |
| download | rsyslog-3ed4b2cd3ebaf6f4c377ba2e03ef52c2e8a985b6.tar.gz rsyslog-3ed4b2cd3ebaf6f4c377ba2e03ef52c2e8a985b6.tar.xz rsyslog-3ed4b2cd3ebaf6f4c377ba2e03ef52c2e8a985b6.zip | |
bugfix: potential segfault on messages with empty MSG part.
This was a recently introduced regression.
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | runtime/msg.c | 17 | ||||
| -rw-r--r-- | tools/syslogd.c | 6 |
3 files changed, 18 insertions, 7 deletions
@@ -1,5 +1,7 @@ --------------------------------------------------------------------------- Version 5.3.2 [DEVEL] (rgerhards), 2009-10-?? +- bugfix: potential segfault on messages with empty MSG part. This was a + recently introduced regression. - bugfix: debug string larger than 1K were improperly displayed. Max size is now 32K, and if a string is even longer it is meaningful truncated. --------------------------------------------------------------------------- diff --git a/runtime/msg.c b/runtime/msg.c index 5a33837f..2c1af27e 100644 --- a/runtime/msg.c +++ b/runtime/msg.c @@ -1177,7 +1177,7 @@ uchar *getMSG(msg_t *pM) if(pM == NULL) ret = UCHAR_CONSTANT(""); else { - if(pM->offMSG == -1) + if(pM->iLenMSG == 0) ret = UCHAR_CONSTANT(""); else ret = pM->pszRawMsg + pM->offMSG; @@ -1953,12 +1953,22 @@ void MsgSetHOSTNAME(msg_t *pThis, uchar* pszHOSTNAME, int lenHOSTNAME) /* set the offset of the MSG part into the raw msg buffer + * Note that the offset may be higher than the length of the raw message + * (exactly by one). This can happen if we have a message that does not + * contain any MSG part. */ void MsgSetMSGoffs(msg_t *pMsg, short offs) { +BEGINfunc ISOBJ_TYPE_assert(pMsg, msg); - pMsg->iLenMSG = pMsg->iLenRawMsg - offs; pMsg->offMSG = offs; + if(offs > pMsg->iLenRawMsg) { + assert(offs - 1 == pMsg->iLenRawMsg); + pMsg->iLenMSG = 0; + } else { + pMsg->iLenMSG = pMsg->iLenRawMsg - offs; + } +ENDfunc } @@ -1992,7 +2002,8 @@ rsRetVal MsgReplaceMSG(msg_t *pThis, uchar* pszMSG, int lenMSG) pThis->pszRawMsg = bufNew; } - memcpy(pThis->pszRawMsg + pThis->offMSG, pszMSG, lenMSG); + if(lenMSG > 0) + memcpy(pThis->pszRawMsg + pThis->offMSG, pszMSG, lenMSG); pThis->pszRawMsg[lenNew] = '\0'; /* this also works with truncation! */ pThis->iLenRawMsg = lenNew; pThis->iLenMSG = lenMSG; diff --git a/tools/syslogd.c b/tools/syslogd.c index 0f4f8a23..3dc2d230 100644 --- a/tools/syslogd.c +++ b/tools/syslogd.c @@ -1205,8 +1205,6 @@ int parseLegacySyslogMsg(msg_t *pMsg, int flags) assert(pMsg != NULL); assert(pMsg->pszRawMsg != NULL); lenMsg = pMsg->iLenRawMsg - (pMsg->offAfterPRI + 1); -RUNLOG_VAR("%d", pMsg->offAfterPRI); -RUNLOG_VAR("%d", lenMsg); p2parse = pMsg->pszRawMsg + pMsg->offAfterPRI; /* point to start of text, after PRI */ /* Check to see if msg contains a timestamp. We start by assuming @@ -1262,16 +1260,16 @@ RUNLOG_VAR("%d", lenMsg); bTAGCharDetected = 0; if(lenMsg > 0 && flags & PARSE_HOSTNAME) { i = 0; - while(lenMsg > 0 && (isalnum(p2parse[i]) || p2parse[i] == '.' || p2parse[i] == '.' + while(i < lenMsg && (isalnum(p2parse[i]) || p2parse[i] == '.' || p2parse[i] == '.' || p2parse[i] == '_' || p2parse[i] == '-') && i < CONF_TAG_MAXSIZE) { bufParseHOSTNAME[i] = p2parse[i]; ++i; - --lenMsg; } if(i > 0 && p2parse[i] == ' ' && isalnum(p2parse[i-1])) { /* we got a hostname! */ p2parse += i + 1; /* "eat" it (including SP delimiter) */ + lenMsg -= i + 1; bufParseHOSTNAME[i] = '\0'; MsgSetHOSTNAME(pMsg, bufParseHOSTNAME, i); } |