From afdccceefa30306cf720a27efd5a29bcc5a916c9 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 4 Dec 2008 14:09:38 +0100 Subject: security fix: imudp emitted a message when a non-permitted sender... ...tried to send a message to it. This behaviour is operator-configurable. If enabled, a message was emitted each time. That way an attacker could effectively fill the disk via this facility. The message is now emitted only once in a minute (this currently is a hard-coded limit, if someone comes up with a good reason to make it configurable, we will probably do that). --- plugins/imudp/imudp.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'plugins/imudp/imudp.c') diff --git a/plugins/imudp/imudp.c b/plugins/imudp/imudp.c index 57c5c02d..b18c0db7 100644 --- a/plugins/imudp/imudp.c +++ b/plugins/imudp/imudp.c @@ -51,6 +51,10 @@ DEFobjCurrIf(errmsg) DEFobjCurrIf(glbl) DEFobjCurrIf(net) +static time_t ttLastDiscard = 0; /* timestamp when a message from a non-permitted sender was last discarded + * This shall prevent remote DoS when the "discard on disallowed sender" + * message is configured to be logged on occurance of such a case. + */ static int *udpLstnSocks = NULL; /* Internet datagram sockets, first element is nbr of elements * read-only after init(), but beware of restart! */ static uchar *pszBindAddr = NULL; /* IP to bind socket to */ @@ -199,8 +203,15 @@ CODESTARTrunInput } else { dbgprintf("%s is not an allowed sender\n", (char*)fromHostFQDN); if(glbl.GetOption_DisallowWarning) { - errmsg.LogError(0, NO_ERRCODE, "UDP message from disallowed sender %s discarded", - (char*)fromHost); + time_t tt; + + time(&tt); + if(tt > ttLastDiscard + 60) { + ttLastDiscard = tt; + errmsg.LogError(0, NO_ERRCODE, + "UDP message from disallowed sender %s discarded", + (char*)fromHost); + } } } } -- cgit