chained hostnames format broken in v3.1.2?
Hi, all. Hopefully this is a quick and easy one --
I am working on upgrading our grid from syslog-ng 2.1.4 to 3.1.2. But it looks like chained hostnames are broken now.
Here's what a typical message looked like in 2.1.4:
Nov 19 12:24:58 s_internal@svvspd02 syslog-ng[4083]: syslog-ng starting up; version='2.1.4'
And in v3, it now looks like this:
Nov 22 09:17:39 s_self@svvspd02@F<D5> ^G syslog-ng[2527]: syslog-ng starting up; version='3.1.2'
Notice the stray characters after the hostname (this is pasted from 'less' so the nonprintable chars have been expanded).
This looks suspiciously like a strcpy() gone awry -- like a NULL didn't get tacked onto the end of the hostname when the chained hostname string was built up.
Is this a known bug? If so, is there a patch posted in git that I can pull down and rebuild?
Thanks!
--
Paul Krizak                         7171 Southwest Pkwy MS B200.3A
MTS Systems Engineer                Austin, TX 78735
Advanced Micro Devices              Desk: (512) 602-8775
Linux/Unix Systems Engineering      Cell: (512) 791-0686
Global IT Infrastructure            Fax: (512) 602-0468
I think I found it -- in the resolve_sockaddr function, the resolved hostname is being returned without being NULL-terminated. This patch fixes it:
diff -Naur syslog-ng-3.1.2/src/misc.c syslog-ng-3.1.2-patch/src/misc.c --- syslog-ng-3.1.2/src/misc.c Wed May 5 05:03:33 2010 +++ syslog-ng-3.1.2-patch/src/misc.c Mon Nov 22 13:55:01 2010 @@ -254,6 +254,9 @@ if (len <= *result_len) *result_len = len; } + + /* Ensure that result is null-terminated */ + result[*result_len] = '\0'; }
However, I'm by no means a developer so I don't know if this is safe or even if it's the right fix.
Paul Krizak                         7171 Southwest Pkwy MS B200.3A
MTS Systems Engineer                Austin, TX 78735
Advanced Micro Devices              Desk: (512) 602-8775
Linux/Unix Systems Engineering      Cell: (512) 791-0686
Global IT Infrastructure            Fax: (512) 602-0468
On 11/22/10 11:45, Paul Krizak wrote:
Hi, all. Hopefully this is a quick and easy one --
I am working on upgrading our grid from syslog-ng 2.1.4 to 3.1.2. But it looks like chained hostnames are broken now.
Here's what a typical message looked like in 2.1.4:
Nov 19 12:24:58 s_internal@svvspd02 syslog-ng[4083]: syslog-ng starting up; version='2.1.4'
And in v3, it now looks like this:
Nov 22 09:17:39 s_self@svvspd02@F<D5> ^G syslog-ng[2527]: syslog-ng starting up; version='3.1.2'
Notice the stray characters after the hostname (this is pasted from 'less' so the nonprintable chars have been expanded).
This looks suspiciously like a strcpy() gone awry -- like a NULL didn't get tacked onto the end of the hostname when the chained hostname string was built up.
Is this a known bug? If so, is there a patch posted in git that I can pull down and rebuild?
Thanks!
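The failure mode discussed above, as an added example that is not syslog-ng code and not part of the original thread: a hostname copied into a reused buffer with an in/out length, once without a terminator and once with the terminator's byte reserved before the copy. The function names, the 32-byte buffer and the '#' filler standing in for stale memory are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers, not syslog-ng code. On entry *result_len is the
 * capacity of result in bytes; on return it is the hostname length. */
static void copy_unterminated(char *result, size_t *result_len, const char *name)
{
    size_t len = strlen(name);
    if (len <= *result_len)
        *result_len = len;
    memcpy(result, name, *result_len);  /* bug: no '\0' is ever written */
}

static void copy_terminated(char *result, size_t *result_len, const char *name)
{
    size_t len = strlen(name);
    if (*result_len == 0)
        return;                         /* no room even for the '\0' */
    if (len > *result_len - 1)
        len = *result_len - 1;          /* truncate, reserve one byte */
    memcpy(result, name, len);
    result[len] = '\0';                 /* index is at most capacity - 1 */
    *result_len = len;
}

/* Returns what a string consumer sees in a reused buffer. The '#' filler is
 * constructed stale data; the final '\0' keeps strlen() well defined. */
static size_t visible_length(int terminated, const char *name, size_t capacity)
{
    char buf[32];
    size_t n = capacity;                /* callers here keep capacity <= 32 */
    memset(buf, '#', sizeof(buf) - 1);
    buf[sizeof(buf) - 1] = '\0';
    if (terminated)
        copy_terminated(buf, &n, name);
    else
        copy_unterminated(buf, &n, name);
    return strlen(buf);
}

int main(void)
{
    printf("unterminated: %zu\n", visible_length(0, "svvspd02", 16)); /* 31 */
    printf("terminated:   %zu\n", visible_length(1, "svvspd02", 16)); /* 8 */
    printf("truncated:    %zu\n", visible_length(1, "svvspd02", 4));  /* 3 */
    return 0;
}
```

The unterminated copy makes the 8-byte hostname read as 31 bytes because the consumer runs on into whatever was already in the buffer, which is the kind of trailing garbage shown after svvspd02 in the v3 log line.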
Anybody? Is this the wrong list to submit bugs/patches?
Paul Krizak                         7171 Southwest Pkwy MS B200.3A
MTS Systems Engineer                Austin, TX 78735
Advanced Micro Devices              Desk: (512) 602-8775
Linux/Unix Systems Engineering      Cell: (512) 791-0686
Global IT Infrastructure            Fax: (512) 602-0468
On 11/22/10 13:56, Paul Krizak wrote:
I think I found it -- in the resolve_sockaddr function, the resolved hostname is being returned without being NULL-terminated. This patch fixes it:
diff -Naur syslog-ng-3.1.2/src/misc.c syslog-ng-3.1.2-patch/src/misc.c --- syslog-ng-3.1.2/src/misc.c Wed May 5 05:03:33 2010 +++ syslog-ng-3.1.2-patch/src/misc.c Mon Nov 22 13:55:01 2010 @@ -254,6 +254,9 @@ if (len<= *result_len) *result_len = len; } + + /* Ensure that result is null-terminated */ + result[*result_len] = '\0'; }
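Review bot: the added store result[*result_len] = '\0'; lands at index *result_len, which is only in bounds when the buffer behind result holds at least *result_len + 1 bytes. The context line "if (len<= *result_len) *result_len = len;" lets len equal the incoming *result_len, so if callers pass the full buffer size there, a hostname that exactly fills the buffer puts the terminator one byte past the end. Suggest reserving that byte before the copy (cap the copied length at the incoming *result_len minus one), or stating in a comment on the function that the length passed in must leave room for the terminator.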
However, I'm by no means a developer so I don't know if this is safe or even if it's the right fix.
Paul Krizak                         7171 Southwest Pkwy MS B200.3A
MTS Systems Engineer                Austin, TX 78735
Advanced Micro Devices              Desk: (512) 602-8775
Linux/Unix Systems Engineering      Cell: (512) 791-0686
Global IT Infrastructure            Fax: (512) 602-0468
On 11/22/10 11:45, Paul Krizak wrote:
Hi, all. Hopefully this is a quick and easy one --
I am working on upgrading our grid from syslog-ng 2.1.4 to 3.1.2. But it looks like chained hostnames are broken now.
Here's what a typical message looked like in 2.1.4:
Nov 19 12:24:58 s_internal@svvspd02 syslog-ng[4083]: syslog-ng starting up; version='2.1.4'
And in v3, it now looks like this:
Nov 22 09:17:39 s_self@svvspd02@F<D5> ^G syslog-ng[2527]: syslog-ng starting up; version='3.1.2'
Notice the stray characters after the hostname (this is pasted from 'less' so the nonprintable chars have been expanded).
This looks suspiciously like a strcpy() gone awry -- like a NULL didn't get tacked onto the end of the hostname when the chained hostname string was built up.
Is this a known bug? If so, is there a patch posted in git that I can pull down and rebuild?
Thanks!
On Tue, Nov 23, 2010 at 08:15:03PM -0600, Paul Krizak wrote:
Anybody? Is this the wrong list to submit bugs/patches?
Paul,
It's OK and I am sure the patch will be appreciated.
But sometimes the Balabit guys are a bit overloaded and take a few days or a week to reply.
Matthew.
On Tue, 2010-11-23 at 18:17 -0800, Matthew Hall wrote:
On Tue, Nov 23, 2010 at 08:15:03PM -0600, Paul Krizak wrote:
Anybody? Is this the wrong list to submit bugs/patches?
Paul,
It's OK and I am sure the patch will be appreciated.
But sometimes the Balabit guys are a bit overloaded and take a few days or a week to reply.
Yes, it is definitely appreciated. I'm integrating your bugfix, right after I finish this mail. (I just send it out, just in case I get distracted).
-- Bazsi
On Tue, 2010-11-23 at 18:17 -0800, Matthew Hall wrote:
On Tue, Nov 23, 2010 at 08:15:03PM -0600, Paul Krizak wrote:
Anybody? Is this the wrong list to submit bugs/patches?
Paul,
It's OK and I am sure the patch will be appreciated.
But sometimes the Balabit guys are a bit overloaded and take a few days or a week to reply.
I've found a similar patch in our PE repos, so I've ported that one. Thanks for your contribution. It really is appreciated, but I wouldn't recommend my last couple of days to anyone. :)
Too bad, I've already published v3.1.3 just prior to receiving this email (which went unannounced too, I've just sent the announcements out).
commit f6efe1a82c3726c7f65ca0dd173af8d3f58824aa
Author: NagyAttila <naat@balabit.hu>
Date: Thu Oct 14 17:54:14 2010 +0200
HOST macro filled properly with chained_hostnames and normalize_hostnames (fixes: #02598)
A fix was also proposed by Paul, but we also had an alternative implementation. This one is closer to the PE branch, making it easier for us to keep the two in sync.
Reported-By: Paul Krizak
-- Bazsi
Thanks! I presume this fix will officially appear in 3.1.4?
Paul Krizak                         7171 Southwest Pkwy MS B200.3A
MTS Systems Engineer                Austin, TX 78735
Advanced Micro Devices              Desk: (512) 602-8775
Linux/Unix Systems Engineering      Cell: (512) 791-0686
Global IT Infrastructure            Fax: (512) 602-0468
On 11/26/10 08:35, Balazs Scheidler wrote:
On Tue, 2010-11-23 at 18:17 -0800, Matthew Hall wrote:
On Tue, Nov 23, 2010 at 08:15:03PM -0600, Paul Krizak wrote:
Anybody? Is this the wrong list to submit bugs/patches?
Paul,
It's OK and I am sure the patch will be appreciated.
But sometimes the Balabit guys are a bit overloaded and take a few days or a week to reply.
I've found a similar patch in our PE repos, so I've ported that one. Thanks for your contribution. It really is appreciated, but I wouldn't recommend my last couple of days to anyone. :)
Too bad, I've already published v3.1.3 just prior to receiving this email (which went unannounced too, I've just sent the announcements out).
commit f6efe1a82c3726c7f65ca0dd173af8d3f58824aa
Author: NagyAttila <naat@balabit.hu>
Date: Thu Oct 14 17:54:14 2010 +0200
HOST macro filled properly with chained_hostnames and normalize_hostnames (fixes: #02598)
A fix was also proposed by Paul, but we also had an alternative implementation. This one is closer to the PE branch, making it easier for us to keep the two in sync.
Reported-By: Paul Krizak
On Mon, 2010-11-29 at 09:43 -0600, Paul Krizak wrote:
Thanks! I presume this fix will officially appear in 3.1.4?
Yes.
-- Bazsi
participants (3)
- Balazs Scheidler
- Matthew Hall
- Paul Krizak