[Bug 254] New: 3.4. 1 patterndb replacing HOST corrupts $HOST and $FULLHOST macros
https://bugzilla.balabit.com/show_bug.cgi?id=254 Summary: 3.4.1 patterndb replacing HOST corrupts $HOST and $FULLHOST macros Product: syslog-ng Version: 3.4.x Platform: PC OS/Version: Linux Status: NEW Severity: blocker Priority: unspecified Component: syslog-ng AssignedTo: bazsi@balabit.hu ReportedBy: erempel@uvic.ca Type of the Report: --- Estimated Hours: 0.0 I am using a patterndb of <pattern>got messages from @STRING:HOST:-.@</pattern> to match the syslog line 2013-10-08T11:01:26-07:00 wolverine.comp.uvic.ca/wolverine.comp.uvic.ca/syslog2.uvic.ca local0.info heartbeat[18869]: got messages from camelotia.comp.uvic.ca so that the syslog line will appears as if it came from camelotia.comp.uvic.ca When this line gets logged to the files, it looks like 2013-10-08T11:01:26-07:00 camelotia.comp.uvic.ca^@heP^@^@^@ local0.info flare-heartbeat[18869]: got messages from camelotia.comp.uvic.ca wher the ^@ are ASCII 0 (control-@) characters. In other words, the HOST macro becomes corrupt. The line should look (preferably) like 2013-10-08T11:01:26-07:00 camelotia.comp.uvic.ca/wolverine.comp.uvic.ca/syslog2.uvic.ca local0.info flare-heartbeat[18869]: got messages from camelotia.comp.uvic.ca or (less preferably) 2013-10-08T11:01:26-07:00 camelotia.comp.uvic.ca local0.info flare-heartbeat[18869]: got messages from camelotia.comp.uvic.ca It isn''t consistent how many ^@ symbols are present. 2013-10-08T11:00:26-07:00 nestor0286.westgrid.uvic.ca^@^@ local0.info flare-heartbeat[18869]: got messages from nestor0286.westgrid.uvic.ca 2013-10-08T11:00:26-07:00 nestor0127.westgrid.uvic.ca^@^@^@^@^@^@ local0.info flare-heartbeat[18869]: got messages from nestor0127.westgrid.uvic.ca 2013-10-08T11:00:26-07:00 hermes0042.westgrid.uvic.ca^@^@ local0.info flare-heartbeat[18869]: got messages from hermes0042.westgrid.uvic.ca 2013-10-08T11:00:26-07:00 hermes0032.westgrid.uvic.ca^@^@ local0.info flare-heartbeat[18869]: got messages from hermes0032.westgrid.uvic.ca 2013-10-08T11:00:26-07:00 nestor0016.westgrid.uvic.ca^@fang local0.info flare-heartbeat[18869]: got messages from nestor0016.westgrid.uvic.ca 2013-10-08T11:00:26-07:00 nestor0027.westgrid.uvic.ca^@^@ local0.info flare-heartbeat[18869]: got messages from nestor0027.westgrid.uvic.ca -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=254 --- Comment #1 from Balazs Scheidler <bazsi@balabit.hu> 2013-10-09 15:51:44 --- This patch should solve this (now on 3.5 master) @Algernon, can you please backport this to 3.4 when you have a chance? Thanks $ git show commit f8401c1f87622c3220f8822b46bef53ead51da44 Author: Balazs Scheidler <bazsi@balabit.hu> Date: Wed Oct 9 15:49:22 2013 +0200 db-parser: fixed @STRING@ parser when ran at the end of the message When @STRING@ was used right at the end of the message, it stepped outside its input buffer and adding memory garbage to the parsed value. This could only happen if: - the parsing parameter specifies characters in addition to isalnum() - the characters after the input buffer are either alphanumeric are within the characters specified as terminating characters or NUL Reported-by: Evan Rempel <erempel@uvic.ca> Signed-off-by: Balazs Scheidler <bazsi@balabit.hu> diff --git a/modules/dbparser/radix.c b/modules/dbparser/radix.c index ce065a3..5885f90 100644 --- a/modules/dbparser/radix.c +++ b/modules/dbparser/radix.c @@ -41,7 +41,7 @@ r_parser_string(guint8 *str, gint *len, const gchar *param, gpointer state, RPar { *len = 0; - while (g_ascii_isalnum(str[*len]) || (param && strchr(param, str[*len]))) + while (str[*len] && (g_ascii_isalnum(str[*len]) || (param && strchr(param, str[*len])))) (*len)++; if (*len > 0) -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=254 Gergely Nagy <algernon@balabit.hu> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |algernon@balabit.hu Resolution| |FIXED Status|NEW |RESOLVED --- Comment #2 from Gergely Nagy <algernon@balabit.hu> 2013-10-09 16:02:15 --- Merged to 3.4 master too, will be in 3.4.4 (due next week). Thanks! -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
participants (1)
-
bugzilla@bugzilla.balabit.com