From 3644fb4b8aa0e44c9ce8e32e04c518a538e57224 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 25 Feb 2010 14:23:02 +0100 Subject: fully integrated parser fixes from v4.6.0 This also made necessary some parser test case updates. Acutally, the test case was wrong, but I did not notice that before. --- tests/testsuites/empty.parse1 | 2 +- tests/testsuites/malformed1.parse1 | 3 ++- tools/pmrfc3164.c | 16 ++++++++++++---- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/tests/testsuites/empty.parse1 b/tests/testsuites/empty.parse1 index 87a84c37..86a86986 100644 --- a/tests/testsuites/empty.parse1 +++ b/tests/testsuites/empty.parse1 @@ -1,3 +1,3 @@ <14>Jan 6 2009 15:22:26 localhost -14,user,info,Jan 6 15:22:26,localhost,, +14,user,info,Jan 6 15:22:26,localhost,,, #Note: there is one space after localhost, but then \n! diff --git a/tests/testsuites/malformed1.parse1 b/tests/testsuites/malformed1.parse1 index 2d95170d..a8825fe8 100644 --- a/tests/testsuites/malformed1.parse1 +++ b/tests/testsuites/malformed1.parse1 @@ -1,5 +1,6 @@ <131>Oct 8 23:05:06 10.321.1.123 05",result_code=200,b -131,local0,err,Oct 8 23:05:06,10.321.1.123,05",result_code=200,b,05",result_code=200,b +131,local0,err,Oct 8 23:05:06,10.321.1.123,05",result_code=200,b,05",result_code=200,b, # a somewhat mangeld-with real-life sample of a malformed message # the key here is not what is being parsed, but that we do not abort! # NOTE: if a parser enhancement breaks the format, this is probably OK +# also note that the above message does NOT contain a MSG part diff --git a/tools/pmrfc3164.c b/tools/pmrfc3164.c index 5b684af5..38f556a2 100644 --- a/tools/pmrfc3164.c +++ b/tools/pmrfc3164.c @@ -77,12 +77,12 @@ BEGINparse int bTAGCharDetected; int i; /* general index for parsing */ uchar bufParseTAG[CONF_TAG_MAXSIZE]; - uchar bufParseHOSTNAME[CONF_TAG_HOSTNAME]; + uchar bufParseHOSTNAME[CONF_HOSTNAME_MAXSIZE]; CODESTARTparse dbgprintf("Message will now be parsed by the legacy syslog parser (one size fits all... ;)).\n"); assert(pMsg != NULL); assert(pMsg->pszRawMsg != NULL); - lenMsg = pMsg->iLenRawMsg - (pMsg->offAfterPRI + 1); + lenMsg = pMsg->iLenRawMsg - pMsg->offAfterPRI; /* note: offAfterPRI is already the number of PRI chars (do not add one!) */ p2parse = pMsg->pszRawMsg + pMsg->offAfterPRI; /* point to start of text, after PRI */ setProtocolVersion(pMsg, 0); @@ -140,12 +140,20 @@ CODESTARTparse if(lenMsg > 0 && pMsg->msgFlags & PARSE_HOSTNAME) { i = 0; while(i < lenMsg && (isalnum(p2parse[i]) || p2parse[i] == '.' || p2parse[i] == '.' - || p2parse[i] == '_' || p2parse[i] == '-') && i < CONF_TAG_MAXSIZE) { + || p2parse[i] == '_' || p2parse[i] == '-') && i < (CONF_HOSTNAME_MAXSIZE - 1)) { bufParseHOSTNAME[i] = p2parse[i]; ++i; } - if(i > 0 && p2parse[i] == ' ' && isalnum(p2parse[i-1])) { + if(i == lenMsg) { + /* we have a message that is empty immediately after the hostname, + * but the hostname thus is valid! -- rgerhards, 2010-02-22 + */ + p2parse += i; + lenMsg -= i; + bufParseHOSTNAME[i] = '\0'; + MsgSetHOSTNAME(pMsg, bufParseHOSTNAME, i); + } else if(i > 0 && p2parse[i] == ' ' && isalnum(p2parse[i-1])) { /* we got a hostname! */ p2parse += i + 1; /* "eat" it (including SP delimiter) */ lenMsg -= i + 1; -- cgit