backport of $AllowedSender security fixv3.18.6

- security bugfix: $AllowedSender was not honored, all senders were
  permitted instead (see http://www.rsyslog.com/Article322.phtml)
  (backport from v3-stable, v3.20.9)
- minor bugfix: dual close() call on tcp session closure

3 files changed, 21 insertions, 22 deletions

diff --git a/plugins/imgssapi/imgssapi.c b/plugins/imgssapi/imgssapi.c
index 74d5d5c5..f2b00d9d 100644
--- a/plugins/imgssapi/imgssapi.c
+++ b/plugins/imgssapi/imgssapi.c
@@ -172,10 +172,10 @@ isPermittedHost(struct sockaddr *addr, char *fromHostFQDN, void *pUsrSrv, void*p
 	pGSess = (gss_sess_t*) pUsrSess;
 
 	if((pGSrv->allowedMethods & ALLOWEDMETHOD_TCP) &&
-	   net.isAllowedSender(net.pAllowedSenders_TCP, addr, (char*)fromHostFQDN))
+	   net.isAllowedSender((uchar*)"TCP", addr, (char*)fromHostFQDN))
 		allowedMethods |= ALLOWEDMETHOD_TCP;
 	if((pGSrv->allowedMethods & ALLOWEDMETHOD_GSS) &&
-	   net.isAllowedSender(net.pAllowedSenders_GSS, addr, (char*)fromHostFQDN))
+	   net.isAllowedSender((uchar*)"GSS", addr, (char*)fromHostFQDN))
 		allowedMethods |= ALLOWEDMETHOD_GSS;
 	if(allowedMethods && pGSess != NULL)
 		pGSess->allowedMethods = allowedMethods;
@@ -645,14 +645,8 @@ ENDmodExit
 BEGINafterRun
 CODESTARTafterRun
 	/* do cleanup here */
-	if (net.pAllowedSenders_TCP != NULL) {
-		net.clearAllowedSenders (net.pAllowedSenders_TCP);
-		net.pAllowedSenders_TCP = NULL;
-	}
-	if (net.pAllowedSenders_GSS != NULL) {
-		net.clearAllowedSenders (net.pAllowedSenders_GSS);
-		net.pAllowedSenders_GSS = NULL;
-	}
+	net.clearAllowedSenders((uchar*)"TCP");
+	net.clearAllowedSenders((uchar*)"GSS");
 ENDafterRun
 
 
diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c
index 7baa95f2..9b4d49f5 100644
--- a/plugins/imtcp/imtcp.c
+++ b/plugins/imtcp/imtcp.c
@@ -66,7 +66,7 @@ static int
 isPermittedHost(struct sockaddr *addr, char *fromHostFQDN, void __attribute__((unused)) *pUsrSrv,
 	        void __attribute__((unused)) *pUsrSess)
 {
-	return net.isAllowedSender(net.pAllowedSenders_TCP, addr, fromHostFQDN);
+	return net.isAllowedSender((uchar*) "TCP", addr, fromHostFQDN);
 }
 
 
@@ -158,10 +158,7 @@ ENDwillRun
 BEGINafterRun
 CODESTARTafterRun
 	/* do cleanup here */
-	if(net.pAllowedSenders_TCP != NULL) {
-		net.clearAllowedSenders(net.pAllowedSenders_TCP);
-		net.pAllowedSenders_TCP = NULL;
-	}
+	net.clearAllowedSenders((char*)"TCP");
 ENDafterRun
 
 
diff --git a/plugins/imudp/imudp.c b/plugins/imudp/imudp.c
index 81e7d7a4..3cdd8dd6 100644
--- a/plugins/imudp/imudp.c
+++ b/plugins/imudp/imudp.c
@@ -49,6 +49,10 @@ DEF_IMOD_STATIC_DATA
 DEFobjCurrIf(errmsg)
 DEFobjCurrIf(net)
 
+static time_t ttLastDiscard = 0;	/* timestamp when a message from a non-permitted sender was last discarded
+					 * This shall prevent remote DoS when the "discard on disallowed sender"
+					 * message is configured to be logged on occurance of such a case.
+					 */
 static int *udpLstnSocks = NULL;	/* Internet datagram sockets, first element is nbr of elements
 					 * read-only after init(), but beware of restart! */
 static uchar *pszBindAddr = NULL;	/* IP to bind socket to */
@@ -189,15 +193,22 @@ CODESTARTrunInput
 							* configured to do this).
 							* rgerhards, 2005-09-26
 							*/
-						       if(net.isAllowedSender(net.pAllowedSenders_UDP,
+						       if(net.isAllowedSender((uchar*) "UDP",
 							  (struct sockaddr *)&frominet, (char*)fromHostFQDN)) {
 							       parseAndSubmitMessage((char*)fromHost, (char*) pRcvBuf, l,
 							       MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_NO_DELAY);
 						       } else {
 							       dbgprintf("%s is not an allowed sender\n", (char*)fromHostFQDN);
 							       if(option_DisallowWarning) {
-								       errmsg.LogError(NO_ERRCODE, "UDP message from disallowed sender %s discarded",
-										  (char*)fromHost);
+ 							       		time_t tt;
+
+ 									time(&tt);
+ 									if(tt > ttLastDiscard + 60) {
+ 										ttLastDiscard = tt;
+ 										errmsg.LogError(NO_ERRCODE,
+ 										"UDP message from disallowed sender %s discarded",
+ 										(char*)fromHost);
+ 									}
 							       }	
 						       }
 					       }
@@ -238,10 +249,7 @@ ENDwillRun
 BEGINafterRun
 CODESTARTafterRun
 	/* do cleanup here */
-	if (net.pAllowedSenders_UDP != NULL) {
-		net.clearAllowedSenders (net.pAllowedSenders_UDP);
-		net.pAllowedSenders_UDP = NULL;
-	}
+	net.clearAllowedSenders((uchar*)"UDP");
 	if(udpLstnSocks != NULL) {
 		net.closeUDPListenSockets(udpLstnSocks);
 		udpLstnSocks = NULL;