[syslog-ng]Possible segmentation fault in syslog-ng

Balazs Scheidler syslog-ng@lists.balabit.hu
Tue, 03 May 2005 18:03:01 +0200


Hi,

I have finally been able to track down a nasty segmentation fault/abort
problem. The fix can be found in libol 0.3.16, which is statically
linked into syslog-ng.

Therefore to grab the fix, you need to recompile syslog-ng with the new
libol.

The problem occurs when:

* internal() messages were directed to a file which had a name with
macros in it
* you had one or more TCP sources which close their connections from
time to time (Kiwi syslogd is such a program)
* the volume of the log messages  is very low in this destination, in
fact it might be required that nothing else but TCP connection close
messages are received here, and less often than the interval time_reap()
specifies.

How to reproduce:

* Use the following configuration:

options { time_reap(1); gc_idle_threshold(1); };

source src { unix-stream("log"); internal(); };
source net { tcp(port(2000)); };

destination d_local { file("logs/messages.$YEAR.$HOST.$DAY"); };
destination d_net { file("logs/net.log"); };

log { source(src);  destination(d_local); };
log { source(net);  destination(d_net); };

* Create the directory containing the log files "logs"
* Start syslog-ng
* Connect to port 2000 using telnet, wait somewhat more than 1 second
* Wait while garbage collection starts (should be immediately as gc_idle_threshold() is set to 1)

Syslog-ng will crash with Segmentation fault or an Abort. Thanks go to Janos Lajos 
who has reported and helped me to track down the issue.

Libol 0.3.16 is available at:

http://www.balabit.hu/downloads/syslog-ng/libol/0.3/libol-0.3.16.tar.gz

PGP signature:

http://www.balabit.hu/downloads/syslog-ng/libol/0.3/libol-0.3.16.tar.gz.asc

-- 
Bazsi