From 3a0060c6eb7ae71221a6d08248af2fb356202583 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 10 Apr 2008 08:43:53 +0200 Subject: bugfix: omsnmp had a too-small sized buffer for hostname+port. This could not lead to a segfault, as snprintf() was used, but could cause some trouble with extensively long hostnames. --- ChangeLog | 5 +++++ configure.ac | 2 +- plugins/omsnmp/omsnmp.c | 53 +++++++++++++++++++++++++++++-------------------- rsyslog.h | 2 ++ 4 files changed, 39 insertions(+), 23 deletions(-) diff --git a/ChangeLog b/ChangeLog index 70ef3c06..00ec3f12 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ --------------------------------------------------------------------------- Version 3.14.2 (rgerhards), 2008-04-?? +- bugfix: omsnmp had a too-small sized buffer for hostname+port. This + could not lead to a segfault, as snprintf() was used, but could cause + some trouble with extensively long hostnames. +--------------------------------------------------------------------------- +Version 3.14.2 (rgerhards), 2008-04-09 - bugfix: segfault with expression-based filters - bugfix: omsnmp did not deref errmsg object on exit (no bad effects caused) - some cleanup diff --git a/configure.ac b/configure.ac index e2bda201..30f31691 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT([rsyslog],[3.14.2],[rsyslog@lists.adiscon.com]) +AC_INIT([rsyslog],[3.14.3],[rsyslog@lists.adiscon.com]) AM_INIT_AUTOMAKE AC_CONFIG_SRCDIR([syslogd.c]) AC_CONFIG_HEADERS([config.h]) diff --git a/plugins/omsnmp/omsnmp.c b/plugins/omsnmp/omsnmp.c index 1deb9d62..161ec073 100644 --- a/plugins/omsnmp/omsnmp.c +++ b/plugins/omsnmp/omsnmp.c @@ -74,32 +74,34 @@ static int iSpecificType = 0; static int iTrapType = SNMP_TRAP_ENTERPRISESPECIFIC;/*Default is SNMP_TRAP_ENTERPRISESPECIFIC */ /* Possible Values - SNMP_TRAP_COLDSTART (0) - SNMP_TRAP_WARMSTART (1) - SNMP_TRAP_LINKDOWN (2) - SNMP_TRAP_LINKUP (3) - SNMP_TRAP_AUTHFAIL (4) - SNMP_TRAP_EGPNEIGHBORLOSS (5) + SNMP_TRAP_COLDSTART (0) + SNMP_TRAP_WARMSTART (1) + SNMP_TRAP_LINKDOWN (2) + SNMP_TRAP_LINKUP (3) + SNMP_TRAP_AUTHFAIL (4) + SNMP_TRAP_EGPNEIGHBORLOSS (5) SNMP_TRAP_ENTERPRISESPECIFIC (6) */ typedef struct _instanceData { uchar szTransport[OMSNMP_MAXTRANSPORLENGTH+1]; /* Transport - Can be udp, tcp, udp6, tcp6 and other types supported by NET-SNMP */ - uchar szTarget[MAXHOSTNAMELEN+1]; /* IP/hostname of Snmp Target*/ - uchar szTargetAndPort[MAXHOSTNAMELEN+1]; /* IP/hostname + Port,needed format for SNMP LIB */ + uchar *szTarget; /* IP/hostname of Snmp Target*/ + uchar *szTargetAndPort; /* IP/hostname + Port,needed format for SNMP LIB */ uchar szCommunity[OMSNMP_MAXCOMMUNITYLENGHT+1]; /* Snmp Community */ uchar szEnterpriseOID[OMSNMP_MAXOIDLENGHT+1]; /* Snmp Enterprise OID - default is (1.3.6.1.4.1.3.1.1 = enterprises.cmu.1.1) */ uchar szSnmpTrapOID[OMSNMP_MAXOIDLENGHT+1]; /* Snmp Trap OID - default is (1.3.6.1.4.1.19406.1.2.1 = ADISCON-MONITORWARE-MIB::syslogtrap) */ - uchar szSyslogMessageOID[OMSNMP_MAXOIDLENGHT+1]; /* Snmp OID used for the Syslog Message - default is 1.3.6.1.4.1.19406.1.1.2.1 - ADISCON-MONITORWARE-MIB::syslogMsg - * You will need the ADISCON-MONITORWARE-MIB and ADISCON-MIB mibs installed on the receiver side in order to decode this mib. - * Downloads of these mib files can be found here: - * http://www.adiscon.org/download/ADISCON-MONITORWARE-MIB.txt - * http://www.adiscon.org/download/ADISCON-MIB.txt - */ - int iPort; /* Target Port */ - int iSNMPVersion; /* SNMP Version to use */ - int iTrapType; /* Snmp TrapType or GenericType */ - int iSpecificType; /* Snmp Specific Type */ + uchar szSyslogMessageOID[OMSNMP_MAXOIDLENGHT+1]; /* Snmp OID used for the Syslog Message: + * default is 1.3.6.1.4.1.19406.1.1.2.1 - ADISCON-MONITORWARE-MIB::syslogMsg + * You will need the ADISCON-MONITORWARE-MIB and ADISCON-MIB mibs installed on the receiver + * side in order to decode this mib. + * Downloads of these mib files can be found here: + * http://www.adiscon.org/download/ADISCON-MONITORWARE-MIB.txt + * http://www.adiscon.org/download/ADISCON-MIB.txt + */ + int iPort; /* Target Port */ + int iSNMPVersion; /* SNMP Version to use */ + int iTrapType; /* Snmp TrapType or GenericType */ + int iSpecificType; /* Snmp Specific Type */ netsnmp_session *snmpsession; /* Holds to SNMP Session, NULL if not initialized */ } instanceData; @@ -313,8 +315,7 @@ ENDtryResume BEGINdoAction CODESTARTdoAction /* Abort if the STRING is not set, should never happen */ - if (ppString[0] == NULL) - { + if (ppString[0] == NULL) { ABORT_FINALIZE(RS_RET_INVALID_PARAMS); } @@ -327,10 +328,17 @@ BEGINfreeInstance CODESTARTfreeInstance /* free snmp Session here */ omsnmp_exitSession(pData); + + if(pData->szTarget != NULL) + free(pData->szTarget); + if(pData->szTargetAndPort != NULL) + free(pData->szTargetAndPort); + ENDfreeInstance BEGINparseSelectorAct + uchar szTargetAndPort[MAXHOSTNAMELEN+128]; /* work buffer for specifying a full target and port string */ CODESTARTparseSelectorAct CODE_STD_STRING_REQUESTparseSelectorAct(1) if(!strncmp((char*) p, ":omsnmp:", sizeof(":omsnmp:") - 1)) { @@ -359,7 +367,7 @@ CODE_STD_STRING_REQUESTparseSelectorAct(1) ABORT_FINALIZE( RS_RET_PARAM_ERROR ); } else { /* Copy Target */ - strncpy( (char*) pData->szTarget, (char*) pszTarget, strlen((char*) pszTarget) ); + CHKmalloc(pData->szTarget = (uchar*) strdup((char*)pszTarget)); } /* Copy Community */ @@ -412,7 +420,8 @@ CODE_STD_STRING_REQUESTparseSelectorAct(1) pData->iTrapType = iTrapType; /* Create string for session peername! */ - snprintf( (char*) pData->szTargetAndPort, sizeof(pData->szTargetAndPort) / sizeof(char), "%s:%s:%d", pData->szTransport, pData->szTarget, pData->iPort ); + snprintf((char*)szTargetAndPort, sizeof(szTargetAndPort), "%s:%s:%d", pData->szTransport, pData->szTarget, pData->iPort); + CHKmalloc(pData->szTargetAndPort = (uchar*)strdup((char*)szTargetAndPort)); /* Print Debug info */ dbgprintf("SNMPTransport: %s\n", pData->szTransport); diff --git a/rsyslog.h b/rsyslog.h index 01329aaf..f0df7391 100644 --- a/rsyslog.h +++ b/rsyslog.h @@ -181,6 +181,8 @@ typedef enum rsRetVal_ rsRetVal; /**< friendly type for global return value */ #define CHKiRet(code) if((iRet = code) != RS_RET_OK) goto finalize_it /* macro below is to be used if we need our own handling, eg for cleanup */ #define CHKiRet_Hdlr(code) if((iRet = code) != RS_RET_OK) +/* macro below is to handle failing malloc/calloc/strdup... which we almost always handle in the same way... */ +#define CHKmalloc(operation) if((operation) == NULL) ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY) /* macro below is used in conjunction with CHKiRet_Hdlr, else use ABORT_FINALIZE */ #define FINALIZE goto finalize_it; #define DEFiRet BEGINfunc rsRetVal iRet = RS_RET_OK -- cgit