Merge branch 'v3-stable' into betav3.21.9

Conflicts:
	ChangeLog
	configure.ac
	doc/manual.html
	plugins/imudp/imudp.c

4 files changed, 38 insertions, 5 deletions

diff --git a/ChangeLog b/ChangeLog
index dfd4e123..026a192a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,15 @@
 ---------------------------------------------------------------------------
+Version 3.21.9 [BETA] (rgerhards), 2008-12-04
+- re-release of 3.21.8 with an additional fix, that could also lead
+  to DoS; 3.21.8 has been removed from the official download archives
+- security fix: imudp emitted a message when a non-permitted sender
+  tried to send a message to it. This behaviour is operator-configurable.
+  If enabled, a message was emitted each time. That way an attacker could
+  effectively fill the disk via this facility. The message is now
+  emitted only once in a minute (this currently is a hard-coded limit,
+  if someone comes up with a good reason to make it configurable, we
+  will probably do that).
+---------------------------------------------------------------------------
 Version 3.21.8  [BETA] (rgerhards), 2008-12-04
 - bugfix: imklog did not compile on FreeBSD
 - security bugfix: $AllowedSender was not honored, all senders were
@@ -124,7 +135,18 @@ Version 3.21.0  [DEVEL] (rgerhards), 2008-07-18
 - imported all changes from 3.18.1 until today (some quite important,
   see below)
 ---------------------------------------------------------------------------
-Version 3.20.1 [v3-stable] (rgerhards), 2008-112-04
+Version 3.20.2 [v3-stable] (rgerhards), 2008-12-04
+- re-release of 3.20.1 with an additional fix, that could also lead
+  to DoS; 3.20.1 has been removed from the official download archives
+- security fix: imudp emitted a message when a non-permitted sender
+  tried to send a message to it. This behaviour is operator-configurable.
+  If enabled, a message was emitted each time. That way an attacker could
+  effectively fill the disk via this facility. The message is now
+  emitted only once in a minute (this currently is a hard-coded limit,
+  if someone comes up with a good reason to make it configurable, we
+  will probably do that).
+---------------------------------------------------------------------------
+Version 3.20.1 [v3-stable] (rgerhards), 2008-12-04
 - security bugfix: $AllowedSender was not honored, all senders were
   permitted instead
 - enhance: regex nomatch option "ZERO" has been added
diff --git a/configure.ac b/configure.ac
index 32b8e016..9864671b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.61)
-AC_INIT([rsyslog],[3.21.8],[rsyslog@lists.adiscon.com])
+AC_INIT([rsyslog],[3.21.9],[rsyslog@lists.adiscon.com])
 AM_INIT_AUTOMAKE
 AC_CONFIG_SRCDIR([ChangeLog])
 AC_CONFIG_HEADERS([config.h])
diff --git a/doc/manual.html b/doc/manual.html
index 5de125e3..c36faebd 100644
--- a/doc/manual.html
+++ b/doc/manual.html
@@ -16,7 +16,7 @@ relay chains while at the same time being very easy to setup for the
 novice user. And as we know what enterprise users really need, there is
 also <a href="professional_support.html">professional
 rsyslog support</a> available directly from the source!</p>
-<p><b>This documentation is for version 3.21.8 (beta branch) of rsyslog.</b>
+<p><b>This documentation is for version 3.21.9 (beta branch) of rsyslog.</b>
 Visit the <i> <a href="http://www.rsyslog.com/doc-status.html">rsyslog status page</a></i></b> to obtain current
 version information and project status.
 </p><p><b>If you like rsyslog, you might
diff --git a/plugins/imudp/imudp.c b/plugins/imudp/imudp.c
index 4b3f9a11..e9e82b20 100644
--- a/plugins/imudp/imudp.c
+++ b/plugins/imudp/imudp.c
@@ -52,6 +52,10 @@ DEFobjCurrIf(glbl)
 DEFobjCurrIf(net)
 
 static int iMaxLine;			/* maximum UDP message size supported */
+static time_t ttLastDiscard = 0;	/* timestamp when a message from a non-permitted sender was last discarded
+					 * This shall prevent remote DoS when the "discard on disallowed sender"
+					 * message is configured to be logged on occurance of such a case.
+					 */
 static int *udpLstnSocks = NULL;	/* Internet datagram sockets, first element is nbr of elements
 					 * read-only after init(), but beware of restart! */
 static uchar *pszBindAddr = NULL;	/* IP to bind socket to */
@@ -200,8 +204,15 @@ CODESTARTrunInput
 						       } else {
 							       dbgprintf("%s is not an allowed sender\n", (char*)fromHostFQDN);
 							       if(glbl.GetOption_DisallowWarning) {
-								       errmsg.LogError(0, NO_ERRCODE, "UDP message from disallowed sender %s discarded",
-										  (char*)fromHost);
+							       		time_t tt;
+
+									time(&tt);
+									if(tt > ttLastDiscard + 60) {
+										ttLastDiscard = tt;
+										errmsg.LogError(0, NO_ERRCODE,
+										"UDP message from disallowed sender %s discarded",
+										(char*)fromHost);
+									}
 							       }	
 						       }
 					       }