authorRainer Gerhards <rgerhards@adiscon.com>2008-12-04 14:09:38 +0100
committerRainer Gerhards <rgerhards@adiscon.com>2008-12-04 14:09:38 +0100
commitafdccceefa30306cf720a27efd5a29bcc5a916c9 (patch)
tree0d2e52ccfe2db3a8802b6c06a0beae0967bf276e /plugins
parentd74b4fef35e8a2c3a58fe66720840ae2ee77a02d (diff)
security fix: imudp emitted a message when a non-permitted sender...v3.20.2
...tried to send a message to it. This behaviour is operator-configurable. If enabled, a message was emitted each time. That way an attacker could effectively fill the disk via this facility. The message is now emitted at most once per minute (this is currently a hard-coded limit; if someone comes up with a good reason to make it configurable, we will probably do that).
Diffstat (limited to 'plugins')
-rw-r--r--plugins/imudp/imudp.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/plugins/imudp/imudp.c b/plugins/imudp/imudp.c
index 57c5c02d..b18c0db7 100644
--- a/plugins/imudp/imudp.c
+++ b/plugins/imudp/imudp.c
@@ -51,6 +51,10 @@ DEFobjCurrIf(errmsg)
DEFobjCurrIf(glbl)
DEFobjCurrIf(net)
+static time_t ttLastDiscard = 0; /* timestamp when a message from a non-permitted sender was last discarded
+ * This shall prevent remote DoS when the "discard on disallowed sender"
+ * message is configured to be logged on occurance of such a case.
+ */
static int *udpLstnSocks = NULL; /* Internet datagram sockets, first element is nbr of elements
* read-only after init(), but beware of restart! */
static uchar *pszBindAddr = NULL; /* IP to bind socket to */
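Review bot: The comment on `ttLastDiscard` does not state the rate-limit interval, and the second hunk hard-codes it as `60` inside the comparison. A named constant next to the variable, e.g. `#define DISCARD_MSG_INTERVAL 60 /* seconds between "disallowed sender" messages */`, would keep the limit and its documentation in one place. The variable is file-scope, so the window is shared by every socket this module listens on; the comment could say that as well.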
@@ -199,8 +203,15 @@ CODESTARTrunInput
} else {
dbgprintf("%s is not an allowed sender\n", (char*)fromHostFQDN);
if(glbl.GetOption_DisallowWarning) {
- errmsg.LogError(0, NO_ERRCODE, "UDP message from disallowed sender %s discarded",
- (char*)fromHost);
+ time_t tt;
+
+ time(&tt);
+ if(tt > ttLastDiscard + 60) {
+ ttLastDiscard = tt;
+ errmsg.LogError(0, NO_ERRCODE,
+ "UDP message from disallowed sender %s discarded",
+ (char*)fromHost);
+ }
}
}
}
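Review bot: The limiter in the `if(tt > ttLastDiscard + 60)` branch is one global window, so the single message logged per minute names only the first disallowed sender seen, and every other discard in that window, including those from different source addresses, leaves no trace outside the debug log. Counting suppressed discards in a static counter and reporting that count in the next emitted message would keep the disk-fill protection while preserving the operator's view of the volume. The test also depends on wall-clock `time()`: if the clock is stepped backwards the message stays suppressed until it catches up, which `if(tt > ttLastDiscard + 60 || tt < ttLastDiscard) {` would avoid. Separately, the context line `if(glbl.GetOption_DisallowWarning)` looks like it tests the getter itself rather than calling it; if that member is a function pointer the branch is always taken, which is worth confirming. The enclosing runInput body starts and ends outside the hunk.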