diff options
-rw-r--r-- | ChangeLog | 31 | ||||
-rw-r--r-- | plugins/imudp/imudp.c | 18 |
2 files changed, 44 insertions, 5 deletions
@@ -3,6 +3,13 @@ Version 4.1.2 [DEVEL] (rgerhards), 2008-12-04 - bugfix: code did not compile without zlib - security bugfix: $AllowedSender was not honored, all senders were permitted instead (see http://www.rsyslog.com/Article322.phtml) +- security fix: imudp emitted a message when a non-permitted sender + tried to send a message to it. This behaviour is operator-configurable. + If enabled, a message was emitted each time. That way an attacker could + effectively fill the disk via this facility. The message is now + emitted only once in a minute (this currently is a hard-coded limit, + if someone comes up with a good reason to make it configurable, we + will probably do that). - imported other changes from 3.21.8 and 3.20.1 (see there) --------------------------------------------------------------------------- Version 4.1.1 [DEVEL] (rgerhards), 2008-11-26 @@ -47,6 +54,17 @@ version before switching to this one. - bugfix: memory leak in ompgsql Thanks to Ken for providing the patch --------------------------------------------------------------------------- +Version 3.21.9 [BETA] (rgerhards), 2008-12-04 +- re-release of 3.21.8 with an additional fix, that could also lead + to DoS; 3.21.8 has been removed from the official download archives +- security fix: imudp emitted a message when a non-permitted sender + tried to send a message to it. This behaviour is operator-configurable. + If enabled, a message was emitted each time. That way an attacker could + effectively fill the disk via this facility. The message is now + emitted only once in a minute (this currently is a hard-coded limit, + if someone comes up with a good reason to make it configurable, we + will probably do that). +--------------------------------------------------------------------------- Version 3.21.8 [BETA] (rgerhards), 2008-12-04 - bugfix: imklog did not compile on FreeBSD - security bugfix: $AllowedSender was not honored, all senders were @@ -175,7 +193,18 @@ Version 3.21.0 [DEVEL] (rgerhards), 2008-07-18 - imported all changes from 3.18.1 until today (some quite important, see below) --------------------------------------------------------------------------- -Version 3.20.1 [v3-stable] (rgerhards), 2008-112-04 +Version 3.20.2 [v3-stable] (rgerhards), 2008-12-04 +- re-release of 3.20.1 with an additional fix, that could also lead + to DoS; 3.20.1 has been removed from the official download archives +- security fix: imudp emitted a message when a non-permitted sender + tried to send a message to it. This behaviour is operator-configurable. + If enabled, a message was emitted each time. That way an attacker could + effectively fill the disk via this facility. The message is now + emitted only once in a minute (this currently is a hard-coded limit, + if someone comes up with a good reason to make it configurable, we + will probably do that). +--------------------------------------------------------------------------- +Version 3.20.1 [v3-stable] (rgerhards), 2008-12-04 - security bugfix: $AllowedSender was not honored, all senders were permitted instead - enhance: regex nomatch option "ZERO" has been added diff --git a/plugins/imudp/imudp.c b/plugins/imudp/imudp.c index c2d704dc..037da56d 100644 --- a/plugins/imudp/imudp.c +++ b/plugins/imudp/imudp.c @@ -56,6 +56,10 @@ DEFobjCurrIf(net) DEFobjCurrIf(datetime) static int iMaxLine; /* maximum UDP message size supported */ +static time_t ttLastDiscard = 0; /* timestamp when a message from a non-permitted sender was last discarded + * This shall prevent remote DoS when the "discard on disallowed sender" + * message is configured to be logged on occurance of such a case. + */ static int *udpLstnSocks = NULL; /* Internet datagram sockets, first element is nbr of elements * read-only after init(), but beware of restart! */ static uchar *pszBindAddr = NULL; /* IP to bind socket to */ @@ -190,11 +194,17 @@ processSocket(int fd, struct sockaddr_storage *frominetPrev, int *pbIsPermitted, if(!*pbIsPermitted) { DBGPRINTF("%s is not an allowed sender\n", (char*)fromHostFQDN); if(glbl.GetOption_DisallowWarning) { - // TODO: add rate-limiter, otherwise we have a DoS - errmsg.LogError(0, NO_ERRCODE, "UDP message from disallowed sender %s discarded", - (char*)fromHost); + time_t tt; + + time(&tt); + if(tt > ttLastDiscard + 60) { + ttLastDiscard = tt; + errmsg.LogError(0, NO_ERRCODE, + "UDP message from disallowed sender %s discarded", + (char*)fromHost); + } } - } + } } DBGPRINTF("recv(%d,%d)/%s,acl:%d,msg:%.80s\n", fd, (int) lenRcvBuf, fromHost, *pbIsPermitted, pRcvBuf); |