[syslog-ng]patch for log parsing bugs (log4j)

Balazs Scheidler syslog-ng@lists.balabit.hu
Fri, 3 Oct 2003 16:24:34 +0200 

hi,

Attached you'll find a patch against syslog-ng 1.6.0rc4 which addresses some
issues wrt log parsing. Please test if the patch fixes your problems. It
might be part of a future release if it proves to interoperate with other
platforms.

People with not to frequent platforms (HP-UX comes to mind), please also
test this patch as it might break there. Thanks.

And finally the patch:

Index: src/sources.c
===================================================================
RCS file: /var/cvs/syslog-ng/syslog-ng/src/sources.c,v
retrieving revision 1.37
diff -u -r1.37 sources.c
--- src/sources.c       8 Jan 2003 09:31:37 -0000       1.37
+++ src/sources.c       3 Oct 2003 14:22:32 -0000
@@ -107,23 +107,32 @@
        }
        closure->pos += n;
  
+       /* UDP packets are complete log lines on their own */
+       if (closure->dgram) {
+               do_handle_line(closure, closure->pos, closure->buffer, salen ? (abstract_addr *) &sabuf : NULL, salen);
+               closure->pos = 0;
+               return ST_OK | ST_GOON;
+       }
+
        eol = memchr(closure->buffer, '\0', closure->pos);
-       if (eol == NULL)
-               eol = memchr(closure->buffer, '\n', closure->pos);
        if (closure->pad_size && eol) {
+
+               /* HP-UX sends chunks of pad_size in size, each containing a
+                * separate message, terminated by NUL */
                do_handle_line(closure, eol - closure->buffer, closure->buffer, salen ? (abstract_addr *) &sabuf : NULL, salen);
                closure->pos = 0;
                return ST_OK | ST_GOON;
        }
-       if (!eol && (closure->dgram || closure->pos == closure->max_log_line)) {
-               /* we don't have a terminating nl nor \0, and our buffer is
-                  full or we are a datagram receiver, when the message is in
-                  its own packet.
-                */
+       if (eol == NULL)
+               eol = memchr(closure->buffer, '\n', closure->pos);
+       if (!eol && closure->pos == closure->max_log_line) {
+               /* we don't have a terminating nl nor \0, and our buffer is full */
                do_handle_line(closure, closure->pos, closure->buffer, salen ? (abstract_addr *) &sabuf : NULL, salen);
                closure->pos = 0;
                return ST_OK | ST_GOON;
        }
+
+       /* iterate through lines */
        start = closure->buffer;
        while (eol) {
                /* eol points at the newline character. end points at the

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1