sysklogd: update to 1.5.1
This commit is contained in:
parent
4572183b7b
commit
520dab34ad
@ -1,6 +1,5 @@
|
|||||||
41dfad9077311e159c793216adf90723 rotatelog
|
41dfad9077311e159c793216adf90723 rotatelog
|
||||||
a1bb71ed6b0ce791cb7f9fa0089a09ef sysklogd
|
a1bb71ed6b0ce791cb7f9fa0089a09ef sysklogd
|
||||||
e053094e8103165f98ddafe828f6ae4b sysklogd-1.5.tar.gz
|
c70599ab0d037fde724f7210c2c8d7f8 sysklogd-1.5.1.tar.gz
|
||||||
b87e652115b7b2d0cd1615a2323fcfbe sysklogd-1.5_CVE-2014-3634.diff
|
|
||||||
844e5e75944beb8cf4f39a0535e56ba4 syslog
|
844e5e75944beb8cf4f39a0535e56ba4 syslog
|
||||||
f8d478b8d60c1d3879f4a10a955db6e5 syslog.conf
|
f8d478b8d60c1d3879f4a10a955db6e5 syslog.conf
|
||||||
|
@ -3,21 +3,14 @@
|
|||||||
# Maintainer: CRUX System Team, core-ports at crux dot nu
|
# Maintainer: CRUX System Team, core-ports at crux dot nu
|
||||||
|
|
||||||
name=sysklogd
|
name=sysklogd
|
||||||
version=1.5
|
version=1.5.1
|
||||||
release=6
|
release=1
|
||||||
source=(http://www.ibiblio.org/pub/Linux/system/daemons/$name-$version.tar.gz \
|
source=(http://www.infodrom.org/projects/$name/download/$name-$version.tar.gz \
|
||||||
rotatelog syslog syslog.conf sysklogd
|
rotatelog syslog syslog.conf sysklogd)
|
||||||
$name-${version}_CVE-2014-3634.diff)
|
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
cd $name-$version
|
cd $name-$version
|
||||||
|
|
||||||
# http://seclists.org/oss-sec/2014/q4/79
|
|
||||||
patch -p1 -i $SRC/$name-${version}_CVE-2014-3634.diff
|
|
||||||
|
|
||||||
# don't try to fclose(NULL)
|
|
||||||
sed -i -e '192d' ksym_mod.c
|
|
||||||
|
|
||||||
mkdir -p $PKG/usr/sbin \
|
mkdir -p $PKG/usr/sbin \
|
||||||
$PKG/etc/{cron/weekly,rc.d} \
|
$PKG/etc/{cron/weekly,rc.d} \
|
||||||
$PKG/var/log \
|
$PKG/var/log \
|
||||||
|
@ -1,91 +0,0 @@
|
|||||||
From 43797330e75d7d4687b7ae6926a996c3c85c2679 Mon Sep 17 00:00:00 2001
|
|
||||||
From: mancha <mancha1 AT zoho DOT com>
|
|
||||||
Date: Wed, 1 Oct 2014
|
|
||||||
Subject: CVE-2014-3634
|
|
||||||
|
|
||||||
Rainer Gerhards, rsyslog project leader, discovered an issue in rsyslogd
|
|
||||||
where invalid priority values can trigger DoS and potentially RCE.
|
|
||||||
|
|
||||||
As his analysis reveals, the cause of the problem identified in rsyslog's
|
|
||||||
rsyslogd also exists in sysklogd's syslogd (from which rsyslogd was forked)
|
|
||||||
and stems from the use of a (LOG_FACMASK|LOG_PRIMASK) mask to detect invalid
|
|
||||||
priority values.
|
|
||||||
|
|
||||||
In sysklogd's syslogd, invalid priority values between 192 and 1023 (directly
|
|
||||||
or arrived at via overflow wraparound) can propagate through code causing
|
|
||||||
out-of-bounds access to the f_pmask array within the 'filed' structure by up
|
|
||||||
to 104 bytes past its end. Though most likely insufficient to reach
|
|
||||||
unallocated memory because there are around 544 bytes past f_pmask in 'filed'
|
|
||||||
(mod packing and other differences), incorrect access of fields at higher
|
|
||||||
positions of the 'filed' structure definition can cause unexpected behavior
|
|
||||||
including message mis-classification, forwarding issues, message loss,
|
|
||||||
or other.
|
|
||||||
|
|
||||||
This patch imposes a restriction on PRI message parts and requires they
|
|
||||||
be properly-delimited priority value strings that have non-negative
|
|
||||||
numerical values not exceeding 191. As before, sysklogd's syslogd permits
|
|
||||||
zero padding to not break compatibility with RFC-non-compliant loggers that
|
|
||||||
issue PRIs such as <0091>. Messages without well-formed PRI parts get
|
|
||||||
logged with priority user.notice (13). (c.f. RFC 3164)
|
|
||||||
|
|
||||||
Thanks to Rainer Gerhards for the initial report and analysis.
|
|
||||||
|
|
||||||
[1] http://www.rsyslog.com/remote-syslog-pri-vulnerability/
|
|
||||||
[2] http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
|
|
||||||
|
|
||||||
---
|
|
||||||
syslogd.c | 25 +++++++++++++++++++------
|
|
||||||
1 file changed, 19 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
--- a/syslogd.c
|
|
||||||
+++ b/syslogd.c
|
|
||||||
@@ -632,6 +632,8 @@ int funix[MAXFUNIX] = { -1, };
|
|
||||||
#define TABLE_ALLPRI 0xFF /* Value to indicate all priorities in f_pmask */
|
|
||||||
#define LOG_MARK LOG_MAKEPRI(LOG_NFACILITIES, 0) /* mark "facility" */
|
|
||||||
|
|
||||||
+#define MAX_PRI 191 /* Maximum Priority per RFC 3164 */
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Flags to logmsg().
|
|
||||||
*/
|
|
||||||
@@ -1491,23 +1493,34 @@ void printline(hname, msg)
|
|
||||||
register char *p, *q;
|
|
||||||
register unsigned char c;
|
|
||||||
char line[MAXLINE + 1];
|
|
||||||
- int pri;
|
|
||||||
+ unsigned int pri; // Valid Priority values are 0-191
|
|
||||||
+ int prilen=0; // Track Priority value string len
|
|
||||||
+ int msglen;
|
|
||||||
|
|
||||||
/* test for special codes */
|
|
||||||
+ msglen=strlen(msg);
|
|
||||||
pri = DEFUPRI;
|
|
||||||
p = msg;
|
|
||||||
|
|
||||||
if (*p == '<') {
|
|
||||||
pri = 0;
|
|
||||||
- while (isdigit(*++p))
|
|
||||||
- {
|
|
||||||
- pri = 10 * pri + (*p - '0');
|
|
||||||
+ while (--msglen > 0 && isdigit((unsigned char)*++p) &&
|
|
||||||
+ pri <= MAX_PRI) {
|
|
||||||
+ pri = 10 * pri + (*p - '0');
|
|
||||||
+ prilen++;
|
|
||||||
}
|
|
||||||
- if (*p == '>')
|
|
||||||
+ if (*p == '>' && prilen)
|
|
||||||
++p;
|
|
||||||
+ else {
|
|
||||||
+ pri = DEFUPRI;
|
|
||||||
+ p = msg;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
- if (pri &~ (LOG_FACMASK|LOG_PRIMASK))
|
|
||||||
+
|
|
||||||
+ if ((pri &~ (LOG_FACMASK|LOG_PRIMASK)) || (pri > MAX_PRI)) {
|
|
||||||
pri = DEFUPRI;
|
|
||||||
+ p = msg;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
memset (line, 0, sizeof(line));
|
|
||||||
q = line;
|
|
Loading…
Reference in New Issue
Block a user