Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Update
rsyslog
0001-imptcp-fix-Segmentation-Fault-when-octet-c...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-imptcp-fix-Segmentation-Fault-when-octet-count-is-to.patch of Package rsyslog
From 9a3e0d83c174de6b9bb7994e4e18783bef8de670 Mon Sep 17 00:00:00 2001 From: PascalWithopf <pwithopf@adiscon.com> Date: Wed, 19 Apr 2017 13:06:30 +0200 Subject: [PATCH] imptcp: fix Segmentation Fault when octet count is to high (cherry picked from commit 0381a0de64a5a048c3d48b79055bd9848d0c7fc2) --- plugins/imptcp/imptcp.c | 14 ++++++++-- tests/imptcp-msg-truncation-on-number.sh | 37 +++++++++++++++++++++++++ tests/imptcp-msg-truncation-on-number2.sh | 45 +++++++++++++++++++++++++++++++ 3 files changed, 94 insertions(+), 2 deletions(-) create mode 100755 tests/imptcp-msg-truncation-on-number.sh create mode 100755 tests/imptcp-msg-truncation-on-number2.sh diff --git a/plugins/imptcp/imptcp.c b/plugins/imptcp/imptcp.c index 1d46e1c97..f7fb54cf8 100644 --- a/plugins/imptcp/imptcp.c +++ b/plugins/imptcp/imptcp.c @@ -873,7 +873,16 @@ processDataRcvd(ptcpsess_t *const __restrict__ pThis, if(pThis->inputState == eInOctetCnt) { if(isdigit(c)) { - pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0'; + if(pThis->iOctetsRemain <= 200000000) { + pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0'; + } else { + errmsg.LogError(0, NO_ERRCODE, "Framing Error in received TCP message: " + "frame too large (at least %d%c), change to octet stuffing", + pThis->iOctetsRemain, c); + pThis->eFraming = TCP_FRAMING_OCTET_STUFFING; + pThis->inputState = eInMsg; + } + *(pThis->pMsg + pThis->iMsg++) = c; } else { /* done with the octet count, so this must be the SP terminator */ DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain); if(c != ' ') { @@ -882,9 +891,9 @@ processDataRcvd(ptcpsess_t *const __restrict__ pThis, } if(pThis->iOctetsRemain < 1) { /* TODO: handle the case where the octet count is 0! */ - DBGPRINTF("Framing Error: invalid octet count\n"); errmsg.LogError(0, NO_ERRCODE, "Framing Error in received TCP message: " "invalid octet count %d.", pThis->iOctetsRemain); + pThis->eFraming = TCP_FRAMING_OCTET_STUFFING; } else if(pThis->iOctetsRemain > iMaxLine) { /* while we can not do anything against it, we can at least log an indication * that something went wrong) -- rgerhards, 2008-03-14 @@ -895,6 +904,7 @@ processDataRcvd(ptcpsess_t *const __restrict__ pThis, "max msg size is %d, truncating...", pThis->iOctetsRemain, iMaxLine); } pThis->inputState = eInMsg; + pThis->iMsg = 0; } } else { assert(pThis->inputState == eInMsg); diff --git a/tests/imptcp-msg-truncation-on-number.sh b/tests/imptcp-msg-truncation-on-number.sh new file mode 100755 index 000000000..e46486bdf --- /dev/null +++ b/tests/imptcp-msg-truncation-on-number.sh @@ -0,0 +1,37 @@ +#!/bin/bash +# addd 2017-03-01 by RGerhards, released under ASL 2.0 + +. $srcdir/diag.sh init +. $srcdir/diag.sh generate-conf +. $srcdir/diag.sh add-conf ' +$MaxMessageSize 128 +global(processInternalMessages="on") +module(load="../plugins/imptcp/.libs/imptcp") +input(type="imptcp" port="13514") + +action(type="omfile" file="rsyslog.out.log") + +' +. $srcdir/diag.sh startup +. $srcdir/diag.sh tcpflood -m1 -M "\"<120> 2011-03-01T11:22:12Z host tag: this is a way too long message that has to be truncatedtest1 test2 test3 test4 test5 ab +9876543210 cdefghijklmn test8 test9 test10 test11 test12 test13 test14 test15 kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk tag: testtestetstetstetstetstetsstetstetsytetestetste\"" +. $srcdir/diag.sh shutdown-when-empty +. $srcdir/diag.sh wait-shutdown + +grep "Framing Error.*change to octet stuffing" rsyslog.out.log > /dev/null +if [ $? -ne 0 ]; then + echo + echo "FAIL: expected error message from imptcp truncation not found. rsyslog.out.log is:" + cat rsyslog.out.log + . $srcdir/diag.sh error-exit 1 +fi + +grep " 9876543210 cdefghijklmn test8 test9 test10 test11 test12 test13 test14 test15 kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk tag: testtestets" rsyslog.out.log > /dev/null +if [ $? -ne 0 ]; then + echo + echo "FAIL: expected error message from imptcp truncation not found. rsyslog.out.log is:" + cat rsyslog.out.log + . $srcdir/diag.sh error-exit 1 +fi + +. $srcdir/diag.sh exit diff --git a/tests/imptcp-msg-truncation-on-number2.sh b/tests/imptcp-msg-truncation-on-number2.sh new file mode 100755 index 000000000..15c5aab15 --- /dev/null +++ b/tests/imptcp-msg-truncation-on-number2.sh @@ -0,0 +1,45 @@ +#!/bin/bash +# addd 2017-03-01 by RGerhards, released under ASL 2.0 + +. $srcdir/diag.sh init +. $srcdir/diag.sh generate-conf +. $srcdir/diag.sh add-conf ' +$MaxMessageSize 128 +global(processInternalMessages="on") +module(load="../plugins/imptcp/.libs/imptcp") +input(type="imptcp" port="13514" ruleset="ruleset1") + +template(name="templ1" type="string" string="%rawmsg%\n") +ruleset(name="ruleset1") { + action(type="omfile" file="rsyslog.out.log" template="templ1") +} + +' +. $srcdir/diag.sh startup +. $srcdir/diag.sh tcpflood -m2 -M "\"41 <120> 2011-03-01T11:22:12Z host msgnum:1\"" +. $srcdir/diag.sh tcpflood -m1 -M "\"214000000000 <120> 2011-03-01T11:22:12Z host msgnum:1\"" +. $srcdir/diag.sh tcpflood -m1 -M "\"41 <120> 2011-03-01T11:22:12Z host msgnum:1\"" +. $srcdir/diag.sh tcpflood -m1 -M "\"214000000000 <120> 2011-03-01T11:22:12Z host msgnum:1\"" +. $srcdir/diag.sh tcpflood -m1 -M "\"41 <120> 2011-03-01T11:22:12Z host msgnum:1\"" +. $srcdir/diag.sh tcpflood -m1 -M "\"2000000010 <120> 2011-03-01T11:22:12Z host msgnum:1\"" +. $srcdir/diag.sh tcpflood -m1 -M "\"4000000000 <120> 2011-03-01T11:22:12Z host msgnum:1\"" +. $srcdir/diag.sh tcpflood -m1 -M "\"0 <120> 2011-03-01T11:22:12Z host msgnum:1\"" +. $srcdir/diag.sh shutdown-when-empty +. $srcdir/diag.sh wait-shutdown + +echo '<120> 2011-03-01T11:22:12Z host msgnum:1 +<120> 2011-03-01T11:22:12Z host msgnum:1 +214000000000 <120> 2011-03-01T11:22:12Z host msgnum:1 +<120> 2011-03-01T11:22:12Z host msgnum:1 +214000000000 <120> 2011-03-01T11:22:12Z host msgnum:1 +<120> 2011-03-01T11:22:12Z host msgnum:1 +2000000010 <120> 2011-03-01T11:22:12Z host msgnum:1 +4000000000 <120> 2011-03-01T11:22:12Z host msgnum:1 +<120> 2011-03-01T11:22:12Z host msgnum:1' | cmp rsyslog.out.log +if [ ! $? -eq 0 ]; then + echo "invalid response generated, rsyslog.out.log is:" + cat rsyslog.out.log + . $srcdir/diag.sh error-exit 1 +fi; + +. $srcdir/diag.sh exit -- 2.16.4
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor