[syslog-ng] [PATCH] Fixed compounded filter initialization.

Balazs Scheidler bazsi at balabit.hu
Fri Nov 25 13:00:32 CET 2011 

Hi,

I believe this problem has already been fixed in this patch:

commit 4b438115f6387eb52b6c39c1f751ecf0c4a5ac5f
Author: Balazs Scheidler <bazsi at balabit.hu>
Date:   Sun Oct 23 20:19:58 2011 +0200

    filters: fixed filter() evaluation when embedded as an AND/OR subexpression
    
    When introducing the "init" method for filters one case was omitted: even
    though AND and OR expressions don't want to do anything on init, their
    subexpressions might, so this patch adds an init function to AND and OR
    which does nothing but calls the same for its "left" and "right"
    subexpression.
    
    This patch fixes filter("xxx") expression evaluation when that is
    not a single expression, but rather included in an AND or OR.
    
    Reported-By: Leonid Isaev <lisaev at umail.iu.edu>
    Cc: <syslog-ng-stable at balabit.hu>
    Signed-off-by: Balazs Scheidler <bazsi at balabit.hu>


On Sun, 2011-11-20 at 20:26 +0100, Szalay Attila wrote:
> If a filter link to an other filter an init function called to
> set up this link. But if this filter is compunded then this
> callback is not called so the filter is not initialized but
> silently evaluated to false.
> 
> For example in the following situation the f_message is always true:
> 
> filter f_auth { facility(auth, authpriv); };
> filter f_cron { facility(cron); };
> filter f_mail { facility(mail); };
> filter f_messages { not filter(f_auth) and not filter(f_cron) and not filter(f_mail); };
> 
> Signed-off-by: Szalay Attila <sasa at balabit.hu>
> ---
>  lib/filter.c |   39 +++++++++++++++++++++++++++++++++++++++
>  1 files changed, 39 insertions(+), 0 deletions(-)
> 
> differences between files attachment
> (0001-Fixed-compounded-filter-initialization.patch)
> diff --git a/lib/filter.c b/lib/filter.c
> index a551559..461f764 100644
> --- a/lib/filter.c
> +++ b/lib/filter.c
> @@ -100,12 +100,25 @@ fop_or_eval(FilterExprNode *s, LogMessage *msg)
>    return (filter_expr_eval(self->left, msg) || filter_expr_eval(self->right, msg)) ^ s->comp;
>  }
>  
> +static void
> +fop_or_init(FilterExprNode *s, GlobalConfig *cfg)
> +{
> +  FilterOp *self = (FilterOp *) s;
> +  
> +  if (self->left->init)
> +    self->left->init(self->left, cfg);
> +  
> +  if (self->right->init)
> +    self->right->init(self->right, cfg);
> +}
> +
>  FilterExprNode *
>  fop_or_new(FilterExprNode *e1, FilterExprNode *e2)
>  {
>    FilterOp *self = g_new0(FilterOp, 1);
>    
>    filter_expr_node_init(&self->super);
> +  self->super.init = fop_or_init;
>    self->super.eval = fop_or_eval;
>    self->super.free_fn = fop_free;
>    self->super.modify = e1->modify || e2->modify;
> @@ -123,12 +136,25 @@ fop_and_eval(FilterExprNode *s, LogMessage *msg)
>    return (filter_expr_eval(self->left, msg) && filter_expr_eval(self->right, msg)) ^ s->comp;
>  }
>  
> +static void
> +fop_and_init(FilterExprNode *s, GlobalConfig *cfg)
> +{
> +  FilterOp *self = (FilterOp *) s;
> +  
> +  if (self->left->init)
> +    self->left->init(self->left, cfg);
> +  
> +  if (self->right->init)
> +    self->right->init(self->right, cfg);
> +}
> +
>  FilterExprNode *
>  fop_and_new(FilterExprNode *e1, FilterExprNode *e2)
>  {
>    FilterOp *self = g_new0(FilterOp, 1);
>    
>    filter_expr_node_init(&self->super);
> +  self->super.init = fop_and_init;
>    self->super.eval = fop_and_eval;
>    self->super.free_fn = fop_free;
>    self->super.modify = e1->modify || e2->modify;
> @@ -205,12 +231,25 @@ fop_cmp_free(FilterExprNode *s)
>    g_string_free(self->right_buf, TRUE);
>  }
>  
> +static void
> +fop_cmp_init(FilterExprNode *s, GlobalConfig *cfg)
> +{
> +  FilterCmp *self = (FilterCmp *) s;
> +  
> +  if (self->left->init)
> +    self->left->init(self->left, cfg);
> +  
> +  if (self->right->init)
> +    self->right->init(self->right, cfg);
> +}
> +
>  FilterExprNode *
>  fop_cmp_new(LogTemplate *left, LogTemplate *right, gint op)
>  {
>    FilterCmp *self = g_new0(FilterCmp, 1);
>  
>    filter_expr_node_init(&self->super);
> +  self->super.init = fop_cmp_init;
>    self->super.eval = fop_cmp_eval;
>    self->super.free_fn = fop_cmp_free;
>    self->left = left;
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> 

-- 
Bazsi

More information about the syslog-ng mailing list