From 47866030196626d42faa68c92ee59c0b81a481f0 Mon Sep 17 00:00:00 2001 From: Hongfei Cheng Date: Thu, 6 Jun 2013 16:09:46 +0200 Subject: bugfix imzmq3: potential segfault on startup if no problem happend at startup, everything went fine --- ChangeLog | 5 ++++ plugins/imzmq3/imzmq3.c | 70 ++++++++++++++++++++++++++++++++++++++++--------- 2 files changed, 62 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5f8d7ccc..e6f1e2cb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,9 @@ --------------------------------------------------------------------------- +Version 7.4.1 [v7.4-stable] 2013-06-?? +- bugfix imzmq3: potential segfault on startup + if no problem happend at startup, everything went fine + Thanks to Hongfei Cheng and Brian Knox for the patch +--------------------------------------------------------------------------- Version 7.4.0 [v7.4-stable] 2013-06-06 This starts a new stable branch based on 7.3.15 plus the following changes: - add --enable-cached-man-pages ./configure option diff --git a/plugins/imzmq3/imzmq3.c b/plugins/imzmq3/imzmq3.c index 52ca5ebe..08b1dbe4 100644 --- a/plugins/imzmq3/imzmq3.c +++ b/plugins/imzmq3/imzmq3.c @@ -135,7 +135,6 @@ struct lstn_s { /* ---------------------------------------------------------------------------- * Static definitions/initializations. */ -static modConfData_t* loadModConf = NULL; static modConfData_t* runModConf = NULL; static struct lstn_s* lcnfRoot = NULL; static struct lstn_s* lcnfLast = NULL; @@ -268,7 +267,7 @@ static void setDefaults(instanceConf_t* info) { info->reconnectIVLMax = -1; info->ipv4Only = -1; info->affinity = -1; - + info->next = NULL; }; /* given a comma separated list of subscriptions, create a char* array of them @@ -442,11 +441,11 @@ static rsRetVal createInstance(instanceConf_t** pinst) { setDefaults(inst); /* add this to the config */ - if(loadModConf->tail == NULL) { - loadModConf->tail = loadModConf->root = inst; + if (runModConf->root == NULL || runModConf->tail == NULL) { + runModConf->tail = runModConf->root = inst; } else { - loadModConf->tail->next = inst; - loadModConf->tail = inst; + runModConf->tail->next = inst; + runModConf->tail = inst; } *pinst = inst; finalize_it: @@ -696,10 +695,14 @@ ENDisCompatibleWithFeature BEGINbeginCnfLoad CODESTARTbeginCnfLoad - loadModConf = pModConf; - pModConf->pConf = pConf; + /* After endCnfLoad() (BEGINendCnfLoad...ENDendCnfLoad) is called, + * the pModConf pointer must not be used to change the in-memory + * config object. It's safe to use the same pointer for accessing + * the config object until freeCnf() (BEGINfreeCnf...ENDfreeCnf). */ + runModConf = pModConf; + runModConf->pConf = pConf; /* init module config */ - loadModConf->io_threads = 0; /* 0 means don't set it */ + runModConf->io_threads = 0; /* 0 means don't set it */ ENDbeginCnfLoad @@ -718,7 +721,7 @@ CODESTARTsetModCnf if (!pvals[i].bUsed) continue; if (!strcmp(modpblk.descr[i].name, "ioThreads")) { - loadModConf->io_threads = (int)pvals[i].val.d.n; + runModConf->io_threads = (int)pvals[i].val.d.n; } else { errmsg.LogError(0, RS_RET_INVALID_PARAMS, "imzmq3: config error, unknown " @@ -735,7 +738,14 @@ ENDsetModCnf BEGINendCnfLoad CODESTARTendCnfLoad - loadModConf = NULL; /* done loading, so it becomes NULL */ + /* Last chance to make changes to the in-memory config object for this + * input module. After this call, the config object must no longer be + * changed. */ + if (pModConf != runModConf) { + errmsg.LogError(0, NO_ERRCODE, "imzmq3: pointer of in-memory config object has " + "changed - pModConf=%p, runModConf=%p", pModConf, runModConf); + } + assert(pModConf == runModConf); ENDendCnfLoad @@ -764,7 +774,12 @@ ENDcheckCnf BEGINactivateCnfPrePrivDrop CODESTARTactivateCnfPrePrivDrop - runModConf = pModConf; + if (pModConf != runModConf) { + errmsg.LogError(0, NO_ERRCODE, "imzmq3: pointer of in-memory config object has " + "changed - pModConf=%p, runModConf=%p", pModConf, runModConf); + } + assert(pModConf == runModConf); + /* first create the context */ createContext(); @@ -775,12 +790,41 @@ ENDactivateCnfPrePrivDrop BEGINactivateCnf CODESTARTactivateCnf + if (pModConf != runModConf) { + errmsg.LogError(0, NO_ERRCODE, "imzmq3: pointer of in-memory config object has " + "changed - pModConf=%p, runModConf=%p", pModConf, runModConf); + } + assert(pModConf == runModConf); ENDactivateCnf -/*TODO: Fill this in! */ BEGINfreeCnf + struct lstn_s *lstn, *lstn_r; + instanceConf_t *inst, *inst_r; + sublist *sub, *sub_r; CODESTARTfreeCnf + DBGPRINTF("imzmq3: BEGINfreeCnf ...\n"); + if (pModConf != runModConf) { + errmsg.LogError(0, NO_ERRCODE, "imzmq3: pointer of in-memory config object has " + "changed - pModConf=%p, runModConf=%p", pModConf, runModConf); + } + for (lstn = lcnfRoot; lstn != NULL; ) { + lstn_r = lstn; + lstn = lstn_r->next; + free(lstn_r); + } + for (inst = pModConf->root ; inst != NULL ; ) { + for (sub = inst->subscriptions; sub != NULL; ) { + free(sub->subscribe); + sub_r = sub; + sub = sub_r->next; + free(sub_r); + } + free(inst->pszBindRuleset); + inst_r = inst; + inst = inst->next; + free(inst_r); + } ENDfreeCnf -- cgit v1.2.3 From fc72c6cccc1e1e267c063e384a900a8987a8f14e Mon Sep 17 00:00:00 2001 From: Tomas Heinrich Date: Fri, 7 Jun 2013 01:15:10 +0200 Subject: bugfix: be more tolerant to malformed journal fields This prevents a segfault when a malformed journal entry field doesn't contain an equal sign. Should not ever happen but was actually triggered by a real bug in systemd journal. --- plugins/imjournal/imjournal.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/plugins/imjournal/imjournal.c b/plugins/imjournal/imjournal.c index ae29154d..cce45b9c 100755 --- a/plugins/imjournal/imjournal.c +++ b/plugins/imjournal/imjournal.c @@ -244,7 +244,14 @@ readjournal() { SD_JOURNAL_FOREACH_DATA(j, get, l) { /* locate equal sign, this is always present */ equal_sign = memchr(get, '=', l); - assert (equal_sign != NULL); + + /* ... but we know better than to trust the specs */ + if (equal_sign == NULL) { + errmsg.LogError(0, RS_RET_ERR,"SD_JOURNAL_FOREACH_DATA()" + " returned a malformed field (has no '='): '%s'", + get); + continue; /* skip the entry */ + } /* get length of journal data prefix */ prefixlen = ((char *)equal_sign - (char *)get); -- cgit v1.2.3 From 573e3fb27c6521255a687da9321a9ecc7ce634ef Mon Sep 17 00:00:00 2001 From: Tomas Heinrich Date: Sat, 8 Jun 2013 23:27:48 +0200 Subject: bugfix: prevent an endless loop in the ratelimiter If messages are being dropped because of ratelimiting, an internal message is generated to inform about this fact. This should happen only uppon the firs occurance but the counter that tracks the number of dropped messages was incremented only after sending the message. If the message itself gets ratelimited, an endless loop spins out of control. Thanks to Jerry James for notifying about this. --- runtime/ratelimit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/runtime/ratelimit.c b/runtime/ratelimit.c index d83da2dd..ec248550 100644 --- a/runtime/ratelimit.c +++ b/runtime/ratelimit.c @@ -167,13 +167,13 @@ withinRatelimit(ratelimit_t *ratelimit, time_t tt) ratelimit->done++; ret = 1; } else { - if(ratelimit->missed == 0) { + ratelimit->missed++; + if(ratelimit->missed == 1) { snprintf((char*)msgbuf, sizeof(msgbuf), "%s: begin to drop messages due to rate-limiting", ratelimit->name); logmsgInternal(RS_RET_RATE_LIMITED, LOG_SYSLOG|LOG_INFO, msgbuf, 0); } - ratelimit->missed++; ret = 0; } -- cgit v1.2.3 From 5d061ce8522163d0b16fece9ac7adb11f60fe0d0 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Mon, 10 Jun 2013 08:07:50 +0200 Subject: doc: add contributed patches to ChangeLog --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index e6f1e2cb..f0a7d0ff 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ --------------------------------------------------------------------------- Version 7.4.1 [v7.4-stable] 2013-06-?? +- bugfix: potential loop in rate limiting + if the message that tells about rate-limiting gets rate-limited itself, + it will potentially create and endless loop +- bugfix: potential segfault in imjournal if journal DB is corrupted - bugfix imzmq3: potential segfault on startup if no problem happend at startup, everything went fine Thanks to Hongfei Cheng and Brian Knox for the patch -- cgit v1.2.3 From 940327046c6302dc7955139adfc104e08d0179bd Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Mon, 10 Jun 2013 17:45:40 +0200 Subject: doc bugfix: imrelp does not have a v6+ "ruleset" config parameter --- doc/imrelp.html | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/doc/imrelp.html b/doc/imrelp.html index 9f3e4875..f7fcc4b3 100644 --- a/doc/imrelp.html +++ b/doc/imrelp.html @@ -30,14 +30,12 @@ Clients send messages to the RELP server via omrelp.

Configuration Directives:

    -
  • Ruleset <name>
    -Binds the specified ruleset to all RELP listeners.
  • Port <port>
    Starts a RELP server on selected port
Caveats/Known Bugs:
    -
  • see description
    • +
  • ruleset can only be bound via legacy configuration format
  • To obtain the remote system's IP address, you need to have at least librelp 1.0.0 installed. Versions below it return the hostname instead of the IP address.
    • @@ -54,7 +52,7 @@ input(type="imrelp" port="20514")

    Legacy Configuration Directives:

    • InputRELPServerBindRuleset <name> (available in 6.3.6+)
      -equivalent to: RuleSet +Binds the specified ruleset to all RELP listeners.
    • InputRELPServerRun <port>
      equivalent to: Port
    -- cgit v1.2.3