authorRainer Gerhards <rgerhards@adiscon.com>2009-10-09 14:48:25 +0200
committerRainer Gerhards <rgerhards@adiscon.com>2009-10-09 14:48:25 +0200
commit3ed4b2cd3ebaf6f4c377ba2e03ef52c2e8a985b6 (patch)
tree8b76bc61e81809659f8b4eabfd9f8f6d2381b06f
parentec56b763b83677d1e9cd02a7ae610caf62e902bb (diff)
bugfix: potential segfault on messages with empty MSG part.
This was a recently introduced regression.
-rw-r--r--ChangeLog2
-rw-r--r--runtime/msg.c17
-rw-r--r--tools/syslogd.c6
3 files changed, 18 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index 1c81f3aa..a9c1ad07 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
---------------------------------------------------------------------------
Version 5.3.2 [DEVEL] (rgerhards), 2009-10-??
+- bugfix: potential segfault on messages with empty MSG part. This was a
+ recently introduced regression.
- bugfix: debug string larger than 1K were improperly displayed. Max size
is now 32K, and if a string is even longer it is meaningful truncated.
---------------------------------------------------------------------------
diff --git a/runtime/msg.c b/runtime/msg.c
index 5a33837f..2c1af27e 100644
--- a/runtime/msg.c
+++ b/runtime/msg.c
@@ -1177,7 +1177,7 @@ uchar *getMSG(msg_t *pM)
if(pM == NULL)
ret = UCHAR_CONSTANT("");
else {
- if(pM->offMSG == -1)
+ if(pM->iLenMSG == 0)
ret = UCHAR_CONSTANT("");
else
ret = pM->pszRawMsg + pM->offMSG;
@@ -1953,12 +1953,22 @@ void MsgSetHOSTNAME(msg_t *pThis, uchar* pszHOSTNAME, int lenHOSTNAME)
/* set the offset of the MSG part into the raw msg buffer
+ * Note that the offset may be higher than the length of the raw message
+ * (exactly by one). This can happen if we have a message that does not
+ * contain any MSG part.
*/
void MsgSetMSGoffs(msg_t *pMsg, short offs)
{
+BEGINfunc
ISOBJ_TYPE_assert(pMsg, msg);
- pMsg->iLenMSG = pMsg->iLenRawMsg - offs;
pMsg->offMSG = offs;
+ if(offs > pMsg->iLenRawMsg) {
+ assert(offs - 1 == pMsg->iLenRawMsg);
+ pMsg->iLenMSG = 0;
+ } else {
+ pMsg->iLenMSG = pMsg->iLenRawMsg - offs;
+ }
+ENDfunc
}
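Review bot: The "at most one past the end" rule in MsgSetMSGoffs is enforced only by `assert(offs - 1 == pMsg->iLenRawMsg)`, which is compiled out under NDEBUG, and `pMsg->offMSG = offs` is stored before the range is looked at. In such a build a larger offset is kept as-is, and later users such as the `pThis->pszRawMsg + pThis->offMSG` destination in the MsgReplaceMSG hunk would then point outside the raw buffer. Because `offs` is a `short` while `iLenRawMsg` appears to be a wider integer, a negative or truncated offset also falls into the else branch and produces an iLenMSG larger than the raw message. I would make this a runtime check, e.g. `if(offs < 0 || offs > pMsg->iLenRawMsg) { pMsg->offMSG = pMsg->iLenRawMsg; pMsg->iLenMSG = 0; }`, assuming the buffer always has a terminator at index iLenRawMsg as the `pszRawMsg[lenNew] = '\0'` line in the next hunk suggests.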
@@ -1992,7 +2002,8 @@ rsRetVal MsgReplaceMSG(msg_t *pThis, uchar* pszMSG, int lenMSG)
pThis->pszRawMsg = bufNew;
}
- memcpy(pThis->pszRawMsg + pThis->offMSG, pszMSG, lenMSG);
+ if(lenMSG > 0)
+ memcpy(pThis->pszRawMsg + pThis->offMSG, pszMSG, lenMSG);
pThis->pszRawMsg[lenNew] = '\0'; /* this also works with truncation! */
pThis->iLenRawMsg = lenNew;
pThis->iLenMSG = lenMSG;
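Review bot: The new `if(lenMSG > 0)` guard before the memcpy has no comment saying why an empty copy must be skipped, so it reads like a micro-optimisation that a later cleanup could remove. I would add `/* offMSG may be one past the end of the raw buffer when there is no MSG part, so do not form the destination pointer for an empty copy */` above it and brace the body. Note also that a negative lenMSG is skipped by the guard but still stored by `pThis->iLenMSG = lenMSG`. MsgReplaceMSG starts outside this hunk, so whether lenMSG is range-checked earlier, and how lenNew is derived, is not visible here.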
diff --git a/tools/syslogd.c b/tools/syslogd.c
index 0f4f8a23..3dc2d230 100644
--- a/tools/syslogd.c
+++ b/tools/syslogd.c
@@ -1205,8 +1205,6 @@ int parseLegacySyslogMsg(msg_t *pMsg, int flags)
assert(pMsg != NULL);
assert(pMsg->pszRawMsg != NULL);
lenMsg = pMsg->iLenRawMsg - (pMsg->offAfterPRI + 1);
-RUNLOG_VAR("%d", pMsg->offAfterPRI);
-RUNLOG_VAR("%d", lenMsg);
p2parse = pMsg->pszRawMsg + pMsg->offAfterPRI; /* point to start of text, after PRI */
/* Check to see if msg contains a timestamp. We start by assuming
@@ -1262,16 +1260,16 @@ RUNLOG_VAR("%d", lenMsg);
bTAGCharDetected = 0;
if(lenMsg > 0 && flags & PARSE_HOSTNAME) {
i = 0;
- while(lenMsg > 0 && (isalnum(p2parse[i]) || p2parse[i] == '.' || p2parse[i] == '.'
+ while(i < lenMsg && (isalnum(p2parse[i]) || p2parse[i] == '.' || p2parse[i] == '.'
|| p2parse[i] == '_' || p2parse[i] == '-') && i < CONF_TAG_MAXSIZE) {
bufParseHOSTNAME[i] = p2parse[i];
++i;
- --lenMsg;
}
if(i > 0 && p2parse[i] == ' ' && isalnum(p2parse[i-1])) {
/* we got a hostname! */
p2parse += i + 1; /* "eat" it (including SP delimiter) */
+ lenMsg -= i + 1;
bufParseHOSTNAME[i] = '\0';
MsgSetHOSTNAME(pMsg, bufParseHOSTNAME, i);
}
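Review bot: The copy loop into `bufParseHOSTNAME` is still bounded by `i < CONF_TAG_MAXSIZE`, a tag-size constant, so `i` can reach CONF_TAG_MAXSIZE and `bufParseHOSTNAME[i] = '\0'` then writes at that index. The buffer's declaration is outside this hunk, so I cannot confirm its size, but this is safe only if it holds at least CONF_TAG_MAXSIZE + 1 bytes. Since the hostname text comes from the received message, bounding by the destination is safer, e.g. `&& i < (int)sizeof(bufParseHOSTNAME) - 1` if it is a local array. The loop condition also tests `p2parse[i] == '.'` twice, which looks like a leftover to drop or to replace with the character that was intended. parseLegacySyslogMsg starts and ends outside the hunk.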