[syslog-ng]syslog-ng and Linux kernel 2.4.20

[Balazs Scheidler]

hi,

this message is to inform you that syslog-ng might crash on kernels 2.4.20
due to a kernel bug. It causes syslog-ng to crash every few days.

the problem is that recvfrom() returns without touching either the sockaddr
length or the socket address. If the memory area contains a seemingly valid
AF_INET address (because of a previous invocation), then
sockaddr2address_info memcpy()s socklen (which is 256 in our case) amount of
memory to a sockaddr_in.

I've now added a workaround, and an assert statement to catch these cases.
Patch is included below, but grabbing the latest libol snapshot should also
help.

A workaround is attached:

diff -u -r1.36 -r1.37
--- io.c	30 Apr 2003 08:08:50 -0000	1.36
+++ io.c	22 May 2003 16:56:59 -0000	1.37
@@ -1,6 +1,6 @@
 /* io.c
  *
- * $Id: io.c,v 1.36 2003/04/30 08:08:50 bazsi Exp $ */
+ * $Id: io.c,v 1.37 2003/05/22 16:56:59 bazsi Exp $ */
 
 /* lsh, an implementation of the ssh protocol
  *
@@ -373,9 +373,13 @@
 	for (;;) {
 		int res;
 		
+		/* This is another workaround for Linux kernel bugs */
+		
+		((struct sockaddr *) addr)->sa_family = 0;
+		
 		res = recvfrom(closure->fd, buffer, length, 0, (struct sockaddr *) addr, (socklen_t *) addrlen);
 
-		if (*addrlen == 2) {
+		if (*addrlen == 2 || (*addrlen >= 2 && ((struct sockaddr *) addr)->sa_family == 0)) {
 			/* HACK: this is a workaround of a Linux 2.2 & 2.4 bug,
 			 * it doesn't return anything sensible in sockaddr buf 
 			 */
@@ -1013,6 +1017,7 @@
 		struct sockaddr_in *in = (struct sockaddr_in *) addr;
 		UINT32 ip, port;
 
+		assert(addr_len == sizeof(struct sockaddr_in));
 		ip = ntohl(in->sin_addr.s_addr);
 		port = ntohs(in->sin_port);
 		a = make_inet_address(c_format_cstring("%i.%i.%i.%i",


-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1