Mailing List Archive

rsyslog-8.22 SIGSEGV
Hi,

I'm observing segfaults with rsyslog version 8.22.
The segfault is observed in the strlen function when a NULL pointer is passed; the pRes pointer is passed to strlen.
In the code I can see that there is no NULL check for this pointer before it is passed at line 3721 in the runtime/msg.c file.
Also, there is no validation for strdup() at line 2355 in the runtime/msg.c file, which might lead to this segfault.
I think adding a NULL check for pRes and validating the string function should solve some crashes, or have fixes been pushed in the latest version?
Please suggest.
----------------------------------------
Regards,
Amrut Shetty


Disclaimer:- The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. The views expressed in this E-mail message (including the enclosure/(s) or attachment/(s) if any) are those of the individual sender, except where the sender expressly, and with authority, states them to be the views of GlobalEdge. Before opening any mail and attachments please check them for viruses .GlobalEdge does not accept any liability for virus infected mails.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
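The crash pattern described in the message above (a looked-up string pointer passed to strlen() without a NULL check, and an unchecked strdup() result), shown beside a hardened form. This is an added example, not part of the original post and not rsyslog's code; every `demo_*` name is hypothetical, and `demo_strdup` stands in for strdup() so that an allocation failure can be simulated.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins; none of these names are rsyslog's. */
struct demo_msg { const char *hostname; const char *tag; };
enum demo_prop { DEMO_HOSTNAME, DEMO_TAG, DEMO_TAG_COPY };

int demo_fail_alloc = 0; /* fault injection: 1 simulates out-of-memory */

/* Same contract as strdup(): returns NULL when allocation fails. */
static char *demo_strdup(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = demo_fail_alloc ? NULL : malloc(n);
    if (p != NULL) memcpy(p, s, n);
    return p;
}

/* Unsafe shape: the looked-up pointer reaches strlen() unchecked. */
size_t demo_get_prop_unsafe(const struct demo_msg *m, enum demo_prop id) {
    const char *res = (id == DEMO_HOSTNAME) ? m->hostname : m->tag;
    return strlen(res); /* crashes when the field was never set */
}

/* Hardened shape: every path leaves *out pointing at a valid string.
 * Returns 0 on success, -1 when the value was missing or the copy failed. */
int demo_get_prop(const struct demo_msg *m, enum demo_prop id,
                  const char **out, size_t *len, int *must_free) {
    const char *res = NULL;
    *must_free = 0;
    switch (id) {
    case DEMO_HOSTNAME: res = m->hostname; break;
    case DEMO_TAG:      res = m->tag;      break;
    case DEMO_TAG_COPY:
        if (m->tag != NULL && (res = demo_strdup(m->tag)) != NULL)
            *must_free = 1; /* caller owns the copy */
        break;
    }
    *out = (res != NULL) ? res : "";
    *len = strlen(*out);
    return (res != NULL) ? 0 : -1;
}
```

Returning an empty string together with an error code keeps downstream strlen() calls safe while still letting the caller see that the value was missing.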
Re: rsyslog-8.22 SIGSEGV
config and debug log would help.

a core dump may end up being needed.

David Lang

On Tue, 5 Feb 2019, Amrut Shetty wrote:

> Hi,
>
> I'm observing segfaults with rsyslog version 8.22.
> Segfault is observed at strlen function for passing NULL pointer, pRes pointer is passed to strlen.
> In the code I can see that there is no NULL check for this pointer before passing it at line 3721 in runtime/msg.c file.
> And also there is no validation for strdup() at line 2355 in runtime/msg.c file which might lead to this segfault.
> I think adding NULL check for pRes and validating string function should solve some crashes or whether fixes have been pushed in the latest version.
> Please suggest.
> ----------------------------------------
> Regards,
> Amrut Shetty
Re: rsyslog-8.22 SIGSEGV
Following is the backtrace obtained through gdb,

#0 strlen () at ../sysdeps/arm/armv6t2/strlen.S:85
85 ../sysdeps/arm/armv6t2/strlen.S: No such file or directory.
[Current thread is 1 (LWP 15228)]
(gdb)
(gdb) bt
#0 0xb6ddb964 in ?? ()
#1 0x0048f64e in MsgGetProp (pMsg=<optimized out>, pTpe=0x0, pProp=<optimized out>, pPropLen=<optimized out>, pbMustBeFreed=0xb5cfe856,
ttNow=0x0) at msg.c:3720
#2 0x004be1f0 in evalVar (var=<optimized out>, usrptr=<optimized out>, ret=<optimized out>) at rainerscript.c:1975
#3 cnfexprEval (expr=0xb352f8, ret=0xb5cfe8a8, usrptr=<optimized out>) at rainerscript.c:2505
#4 0x004bd75c in cnfexprEval (expr=0xb35310, ret=0xb5cfe920, usrptr=<optimized out>) at rainerscript.c:2099
#5 0x004bd4da in cnfexprEval (expr=0xb35368, ret=0xb5cfe970, usrptr=<optimized out>) at rainerscript.c:2454
#6 0x004c1f18 in cnfexprEvalBool (expr=0xfffffff8, usrptr=0xb35300) at rainerscript.c:2660
#7 0x004a2d66 in execIf (stmt=<optimized out>, pMsg=<optimized out>, pWti=<optimized out>) at ruleset.c:257
#8 scriptExec (root=0xb32290, pMsg=0xb5d035d8, pWti=0xb328e0) at ruleset.c:549
#9 0x004a2808 in processBatch (pBatch=0xb32900, pWti=<optimized out>) at ruleset.c:595
#10 0x004ae854 in msgConsumer (notNeeded=<optimized out>, pBatch=0xb32900, pWti=0xb328e0) at rsyslogd.c:595
#11 0x0049ff38 in ConsumerReg (pThis=0xb2e3f0, pWti=<optimized out>) at queue.c:1982
#12 0x0049df1e in wtiWorker (pThis=0xb328e0) at wti.c:363
#13 0x0049da10 in wtpWorker (arg=0xb328e0) at wtp.c:389
#14 0xb6eb1550 in ?? ()

----------------------------------------
Regards,
Amrut Shetty

----- Original Message -----
From: "rsyslog" <rsyslog@lists.adiscon.com>
To: "rsyslog" <rsyslog@lists.adiscon.com>
Cc: "David Lang" <david@lang.hm>
Sent: Wednesday, February 6, 2019 3:44:32 AM
Subject: Re: [rsyslog] rsyslog-8.22 SIGSEGV

config and debug log would help.

a core dump may end up being needed.

David Lang
