NetBSD Problem Report #40043
From gcw@primenet.com.au Thu Nov 27 04:47:26 2008
Return-Path: <gcw@primenet.com.au>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id DA8C763B8BD
for <gnats-bugs@gnats.NetBSD.org>; Thu, 27 Nov 2008 04:47:25 +0000 (UTC)
Message-Id: <20081127044721.3432.qmail@g.primenet.com.au>
Date: 27 Nov 2008 15:47:21 +1100
From: gcw@primenet.com.au
Reply-To: gcw@primenet.com.au
To: gnats-bugs@gnats.NetBSD.org
Subject: syslogd timestamping & protocol version parsing problems
X-Send-Pr-Version: 3.95
>Number: 40043
>Category: bin
>Synopsis: syslogd timestamping and protocol parsing deficiencies
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: bin-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Nov 27 04:50:00 +0000 2008
>Closed-Date: Mon May 18 07:13:26 +0000 2009
>Last-Modified: Mon May 18 07:13:26 +0000 2009
>Originator: Geoff C. Wing
>Release: NetBSD 5.99.3
>Organization:
>Environment:
System: NetBSD g.primenet.com.au 5.99.3 NetBSD 5.99.3 (G) #0: Thu Nov 27 12:14:12 EST 2008 gcw@g.primenet.com.au:/usr/netbsd/src/sys/arch/i386/compile/G i386
Architecture: i386
Machine: i386
>Description:
Syslogd does not properly handle:
1) the ADDDATE flag which is set with -T invocation and when messages
come from the kernel. Other cases where it is set it is ignored
as timestamping is always done (e.g. logmsg_async())
2) the variable found_ts in check_timestamp(). It would determine
whether or not the message had a (possibly valid) timestamp, set
found_ts to true, then ignore that in most cases. If we can't find
a timestamp return.
3) messages without a parsable timestamp should get one when outputting
the BSD syslog format so that a syslog-protocol timestamp isn't
injected (chopped off with BSD syslog length) giving something like:
"2008-11-27T15:0 cisco -: 1790:"
^ time might have been 2008-11-27T15:02:35.296497+11:00
4) syslog protocol version checking only checked for a leading numeral
one (1) then skipped two places (presuming a space). Messages sent
from some sources (e.g. my cisco) may be
"1795: Nov 27 04:12:52: %LINEPROTO-5-..."
which would be chopped to
"95: Nov 27 04:12:52: %LINEPROTO-5-..."
>How-To-Repeat:
Use it
>Fix:
Index: usr.sbin/syslogd/syslogd.c
===================================================================
RCS file: /cvsroot/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.93
diff -u -r1.93 syslogd.c
--- usr.sbin/syslogd/syslogd.c 7 Nov 2008 15:42:01 -0000 1.93
+++ usr.sbin/syslogd/syslogd.c 27 Nov 2008 04:36:00 -0000
@@ -1025,10 +1025,17 @@
buffer = buf_msg_new(0);
p = msg;
- start = p += check_timestamp((unsigned char*) p,
+ p += check_timestamp((unsigned char*) p,
&buffer->timestamp, true, !BSDOutputFormat);
DPRINTF(D_DATA, "Got timestamp \"%s\"\n", buffer->timestamp);
+ if (flags & ADDDATE) {
+ FREEPTR(buffer->timestamp);
+ buffer->timestamp = strdup(make_timestamp(NULL,
+ !BSDOutputFormat));
+ }
+
+ start = p;
NEXTFIELD(p);
/* extract host */
for (start = p;; p++) {
@@ -1235,10 +1242,16 @@
buffer = buf_msg_new(0);
p = msg;
- start = p += check_timestamp((unsigned char*) p,
+ p += check_timestamp((unsigned char*) p,
&buffer->timestamp, false, !BSDOutputFormat);
DPRINTF(D_DATA, "Got timestamp \"%s\"\n", buffer->timestamp);
+ if (flags & ADDDATE || !buffer->timestamp) {
+ FREEPTR(buffer->timestamp);
+ buffer->timestamp = strdup(make_timestamp(NULL,
+ !BSDOutputFormat));
+ }
+
if (*p == ' ') p++; /* SP */
else goto all_bsd_msg;
/* in any error case we skip header parsing and
@@ -1451,7 +1464,8 @@
if (*q == '>' && n >= 0 && n < INT_MAX && errno == 0) {
p = q + 1;
pri = (int)n;
- if (*p == '1') { /* syslog-protocol version */
+ /* check for syslog-protocol version */
+ if (*p == '1' && p[1] == ' ') {
p += 2; /* skip version and space */
bsdsyslog = false;
} else {
@@ -1676,21 +1690,24 @@
&& islower(from_buf[2]))
found_ts = true;
}
- if (!found_ts && from_buf[0] == '-' && from_buf[1] == ' ') {
- /* NILVALUE */
- if (to_iso) {
- /* with ISO = syslog-protocol output leave
- * it as is, because it is better to have
- * no timestamp than a wrong one.
- */
- *to_buf = strdup("-");
- } else {
- /* with BSD Syslog the field is reqired
- * so replace it with current time
- */
- *to_buf = strdup(make_timestamp(NULL, false));
+ if (!found_ts) {
+ if (from_buf[0] == '-' && from_buf[1] == ' ') {
+ /* NILVALUE */
+ if (to_iso) {
+ /* with ISO = syslog-protocol output leave
+ * it as is, because it is better to have
+ * no timestamp than a wrong one.
+ */
+ *to_buf = strdup("-");
+ } else {
+ /* with BSD Syslog the field is reqired
+ * so replace it with current time
+ */
+ *to_buf = strdup(make_timestamp(NULL, false));
+ }
+ return 2;
}
- return 2;
+ return 0;
}
if (!from_iso && !to_iso) {
>Release-Note:
>Audit-Trail:
From: Christos Zoulas <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/40043 CVS commit: src/usr.sbin/syslogd
Date: Thu, 27 Nov 2008 20:37:21 +0000 (UTC)
Module Name: src
Committed By: christos
Date: Thu Nov 27 20:37:21 UTC 2008
Modified Files:
src/usr.sbin/syslogd: syslogd.c
Log Message:
PR/40043: Geoff C. Wing: syslogd timestamping and protocol parsing deficiencies
Syslogd does not properly handle:
1) the ADDDATE flag which is set with -T invocation and when messages
come from the kernel. Other cases where it is set it is ignored
as timestamping is always done (e.g. logmsg_async())
2) the variable found_ts in check_timestamp(). It would determine
whether or not the message had a (possibly valid) timestamp, set
found_ts to true, then ignore that in most cases. If we can't find
a timestamp return.
3) messages without a parsable timestamp should get one when outputting
the BSD syslog format so that a syslog-protocol timestamp isn't
injected (chopped off with BSD syslog length) giving something like:
"2008-11-27T15:0 cisco -: 1790:"
^ time might have been 2008-11-27T15:02:35.296497+11:00
4) syslog protocol version checking only checked for a leading numeral
one (1) then skipped two places (presuming a space). Messages sent
from some sources (e.g. my cisco) may be
"1795: Nov 27 04:12:52: %LINEPROTO-5-..."
which would be chopped to
"95: Nov 27 04:12:52: %LINEPROTO-5-..."
To generate a diff of this commit:
cvs rdiff -r1.93 -r1.94 src/usr.sbin/syslogd/syslogd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Mon, 18 May 2009 07:13:26 +0000
State-Changed-Why:
Christos committed it in November; thanks :-)
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home