2009/3/17 Balazs Scheidler <bazsi@balabit.hu>:
Hi,
I've released syslog-ng OSE 2.1.4 with the following changes:
2.1.4 Tue, 17 Mar 2009 13:35:00 +0100
Bugfixes: * Fixed a possible DoS condition triggered by a destination port unreachable ICMP packet received from a UDP destination. syslog-ng started eating all available memory and CPU until it crashed if this happened.
Hi there, I'm experiencing an issue with an unreachable UDP destination. CPU is at 100% because of syslog-ng, and strace gives: poll([{fd=6, events=0}, {fd=7, events=0}, {fd=14, events=0}, {fd=11, events=POLLOUT}, {fd=27, events=0}, {fd=12, events=0}, {fd=28, events=0}, {fd=18, events=0}, {fd=29, events=0}, {fd=30, events=0}, {fd=24, events=0}, {fd=31, events=0}, {fd=32, events=0}, {fd=33, events=0}, {fd=13, events=0}, {fd=5, events=0}, {fd=16, events=0}, {fd=17, events=0}, {fd=15, events=0}, {fd=9, events=0}, {fd=10, events=0}, {fd=8, events=0}, {fd=22, events=0}, {fd=23, events=0}, {fd=19, events=0}, {fd=21, events=0}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 28, 117196) = 1 ([{fd=30, revents=POLLERR}]) poll([{fd=6, events=0}, {fd=7, events=0}, {fd=14, events=0}, {fd=11, events=POLLOUT}, {fd=27, events=0}, {fd=12, events=0}, {fd=28, events=0}, {fd=18, events=0}, {fd=29, events=0}, {fd=30, events=0}, {fd=24, events=0}, {fd=31, events=0}, {fd=32, events=0}, {fd=33, events=0}, {fd=13, events=0}, {fd=5, events=0}, {fd=16, events=0}, {fd=17, events=0}, {fd=15, events=0}, {fd=9, events=0}, {fd=10, events=0}, {fd=8, events=0}, {fd=22, events=0}, {fd=23, events=0}, {fd=19, events=0}, {fd=21, events=0}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 28, 117196) = 1 ([{fd=30, revents=POLLERR}]) poll([{fd=6, events=0}, {fd=7, events=0}, {fd=14, events=0}, {fd=11, events=POLLOUT}, {fd=27, events=0}, {fd=12, events=0}, {fd=28, events=0}, {fd=18, events=0}, {fd=29, events=0}, {fd=30, events=0}, {fd=24, events=0}, {fd=31, events=0}, {fd=32, events=0}, {fd=33, events=0}, {fd=13, events=0}, {fd=5, events=0}, {fd=16, events=0}, {fd=17, events=0}, {fd=15, events=0}, {fd=9, events=0}, {fd=10, events=0}, {fd=8, events=0}, {fd=22, events=0}, {fd=23, events=0}, {fd=19, events=0}, {fd=21, events=0}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 28, 117196) = 1 ([{fd=30, revents=POLLERR}]) poll([{fd=6, events=0}, {fd=7, events=0}, {fd=14, events=0}, {fd=11, events=POLLOUT}, {fd=27, events=0}, {fd=12, events=0}, {fd=28, events=0}, {fd=18, events=0}, {fd=29, events=0}, {fd=30, events=0}, {fd=24, events=0}, {fd=31, events=0}, {fd=32, events=0}, {fd=33, events=0}, {fd=13, events=0}, {fd=5, events=0}, {fd=16, events=0}, {fd=17, events=0}, {fd=15, events=0}, {fd=9, events=0}, {fd=10, events=0}, {fd=8, events=0}, {fd=22, events=0}, {fd=23, events=0}, {fd=19, events=0}, {fd=21, events=0}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 28, 117196) = 1 ([{fd=30, revents=POLLERR}]) poll([{fd=6, events=0}, {fd=7, events=0}, {fd=14, events=0}, {fd=11, events=POLLOUT}, {fd=27, events=0}, {fd=12, events=0}, {fd=28, events=0}, {fd=18, events=0}, {fd=29, events=0}, {fd=30, events=0}, {fd=24, events=0}, {fd=31, events=0}, {fd=32, events=0}, {fd=33, events=0}, {fd=13, events=0}, {fd=5, events=0}, {fd=16, events=0}, {fd=17, events=0}, {fd=15, events=0}, {fd=9, events=0}, {fd=10, events=0}, {fd=8, events=0}, {fd=22, events=0}, {fd=23, events=0}, {fd=19, events=0}, {fd=21, events=0}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 28, 117195) = 1 ([{fd=30, revents=POLLERR}]) Does the above-mentioned change in 2.1.4 fix this? I'm using 2.0.9 right now. Is there a patch available somewhere so that I can backport the change? I couldn't find a source repository on your site. BTW: Why are there so many versions of syslog-ng? 2.0.x, 2.1.x, 3.0.x... Debian and Ubuntu are still at 2.0.9. Thanks in advance, and keep up the good work! -- Jean-Baptiste Quenot http://jbq.caraldi.com/