[syslog-ng] crashbug fix in recent syslog-ng versions
Balazs Scheidler
bazsi@balabit.hu
Sun, 27 Oct 2002 08:42:14 +0100
Hi,
I have found two problems which are the possible cause of the crashes
reported on this list. Expect a new release soon if the fixes below prove
to be effective.
The first one is a misallocation, causing an off-by-one error:
diff -u -r1.35 sources.c
--- sources.c 21 Aug 2002 14:03:50 -0000 1.35
+++ sources.c 27 Oct 2002 07:35:23 -0000
@@ -163,10 +163,10 @@
self->dgram = dgram;
self->next = next;
self->prefix = prefix;
- self->max_log_line = MAX(max_log_line, pad_size) + 1;
+ self->max_log_line = MAX(max_log_line, pad_size);
self->pad_size = pad_size;
self->msg_flags = msg_flags;
- self->buffer = ol_space_alloc(max_log_line);
+ self->buffer = ol_space_alloc(self->max_log_line);
return &self->super;
}
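Review bot: With the "+ 1" dropped from self->max_log_line, the buffer has no spare byte beyond max_log_line, so any consumer that fills max_log_line bytes and then appends a terminator would still write one past the end. The consumers are not visible in this hunk and should be checked against the new size; if a terminator is needed, allocating self->max_log_line + 1 while keeping the limit at MAX(max_log_line, pad_size) would cover it. A one-line comment stating that max_log_line is the allocated size of buffer would document the invariant this fix restores.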
---- end of patch
The second one is triggered with much less probability; it is also an
off-by-one (this one can be triggered when the byte _after_ the allocated buffer is
either '\n' or '\r').
diff -u -r1.27 -r1.28
--- log.c 21 Aug 2002 14:03:50 -0000 1.27
+++ log.c 18 Oct 2002 12:31:08 -0000 1.28
@@ -44,11 +44,9 @@
static void parse_log_msg(struct log_info *lm, UINT32 length, UINT8 *data, UINT8 *prefix)
{
unsigned char *src;
- int left;
- int pri;
+ unsigned int left, pri, oldleft;
time_t now = time(NULL);
char *oldsrc;
- int oldleft;
src = data;
left = length;
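Review bot: Declaring left, pri and oldleft as unsigned int means any test such as "left >= 0" or "pri < 0" elsewhere in parse_log_msg now has a constant result, and a decrement past zero wraps to a large value instead of going negative. The loop at line 241 is adjusted in the next hunk, but the rest of the function is outside the visible lines and should be audited for such comparisons and for decrements of left that can exceed the remaining length.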
@@ -241,7 +239,7 @@
lm->stamp = now;
}
- for (oldsrc = src, oldleft = left; oldleft >= 0; oldleft--, oldsrc++) {
+ for (oldsrc = src, oldleft = left; oldleft > 0; oldleft--, oldsrc++) {
if (*oldsrc == '\n' || *oldsrc == '\r') *oldsrc = ' ';
}
lm->msg = c_format_cstring("%z%s", prefix ? prefix : (UINT8 *) "", left, src);
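Review bot: The "oldleft > 0" bound in the for statement depends on the first hunk of this file: with oldleft now unsigned, the old "oldleft >= 0" condition would never become false, so the two hunks must not be applied separately. A short comment that the loop covers exactly left bytes starting at src would make the bound obvious. Separately, "oldsrc = src" assigns an unsigned char * to a pointer declared as "char *oldsrc" in the first hunk; declaring oldsrc as unsigned char * would remove the signedness mismatch.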
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
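The second off-by-one described in the message above, as an added example that is not part of the original post or of the syslog-ng source. It isolates the two loop bounds from the log.c hunk; the function names and sample bytes are constructed, and the "neighbour" byte is kept inside the demo array so the example itself stays in bounds.

```c
#include <stdio.h>
#include <string.h>

/* Bound from log.c 1.27: "oldleft >= 0" visits left + 1 bytes (indices 0..left). */
static void sanitize_inclusive(unsigned char *src, int left)
{
    unsigned char *p = src;
    int n;
    for (n = left; n >= 0; n--, p++)
        if (*p == '\n' || *p == '\r') *p = ' ';
}

/* Bound from log.c 1.28: "oldleft > 0" visits exactly left bytes (indices 0..left-1). */
static void sanitize_exclusive(unsigned char *src, unsigned int left)
{
    unsigned char *p = src;
    unsigned int n;
    for (n = left; n > 0; n--, p++)
        if (*p == '\n' || *p == '\r') *p = ' ';
}

/* Constructed sample: a 5-byte message followed by one byte standing in for
 * whatever lies directly after the message. Returns that byte after the
 * chosen loop has run over the 5-byte message. */
static unsigned char neighbour_after(int use_fixed, unsigned char neighbour)
{
    unsigned char region[6];
    memcpy(region, "a\nb\rc", 5);   /* message bytes 0..4 */
    region[5] = neighbour;          /* byte after the message */
    if (use_fixed)
        sanitize_exclusive(region, 5);
    else
        sanitize_inclusive(region, 5);
    return region[5];
}

int main(void)
{
    /* The extra byte is always read by the old loop, but it is only
     * modified when it happens to be '\n' or '\r'. */
    printf("old bound, neighbour '\\n' -> 0x%02x\n", neighbour_after(0, '\n'));
    printf("old bound, neighbour 'X'  -> 0x%02x\n", neighbour_after(0, 'X'));
    printf("new bound, neighbour '\\n' -> 0x%02x\n", neighbour_after(1, '\n'));
    return 0;
}
```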