[syslog-ng] [Bug 32] New: syslog-ng stops listening after receiving a zero length udp packet

bugzilla at bugzilla.balabit.com bugzilla at bugzilla.balabit.com
Tue Feb 10 22:12:56 CET 2009


https://bugzilla.balabit.com/show_bug.cgi?id=32

           Summary: syslog-ng stops listening after receiving a zero length
                    udp packet
           Product: syslog-ng
           Version: 3.0.x
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: major
          Priority: unspecified
         Component: syslog-ng
        AssignedTo: bazsi at balabit.hu
        ReportedBy: ffs at ccn.net
Type of the Report: bug
   Estimated Hours: 0.0


Created an attachment (id=12)
 --> (https://bugzilla.balabit.com/attachment.cgi?id=12)
afsocket EOF patch

Hi,

if syslog-ng has an udp() source configured it stops listening after receiving a zero length udp packet.
In debug mode it logs 'EOF occurred while reading'. After this message no udp messages get processed anymore.
After a restart syslog-ng is logging again.
As this bug is reproducible it could be abused for DOS attacks also.

Tested on: Solaris 8/9

Attached is a patch for version 3.0.1. There might be a better way to solve this problem, but it's working for me.

Thank you for syslog-ng!

Florian


-- 
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.


More information about the syslog-ng mailing list