Date: Sat, 26 Mar 2005 18:00:52 GMT From: Shuichi KITAGUCHI <kit@ysnb.net> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/79260: syslogd may accept illegal facility number from remote. Message-ID: <200503261800.j2QI0qWa011959@www.freebsd.org> Resent-Message-ID: <200503261810.j2QIA2be009104@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 79260 >Category: bin >Synopsis: syslogd may accept illegal facility number from remote. >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Mar 26 18:10:02 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Shuichi KITAGUCHI >Release: 6-CURRENT (but all releases may affected) >Organization: >Environment: FreeBSD rhea.k.ysnb.net 6.0-CURRENT FreeBSD 6.0-CURRENT #0: Sat Mar 19 22:27:19 JST 2005 root@rhea.k.ysnb.net:/spool/sys/obj/data/sys/src/sys/RHEA i386 >Description: syslogd can accept priority number which larger than LOG_NFACILITIES from remote host. but in struct filed, member variable f_pmask array and f_pcmp array is limited to LOG_NFACILITIES. therefore syslogd access invalid address in logmsg() when facility is larger than LOG_NFACILITIES. >How-To-Repeat: send syslog message which facility is larger than LOG_NFACILITIES from remote host. >Fix: I think following patch should fix this problem. --- syslogd.c.old Mon Mar 21 22:19:01 2005 +++ syslogd.c Sun Mar 27 02:44:07 2005 @@ -918,6 +918,12 @@ fac = LOG_FAC(pri); prilev = LOG_PRI(pri); + /* check maximum facility number */ + if (fac > LOG_NFACILITIES){ + (void)sigsetmask(omask); + return; + } + /* extract program name */ for (i = 0; i < NAME_MAX; i++) { if (!isprint(msg[i]) || msg[i] == ':' || msg[i] == '[' || >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503261800.j2QI0qWa011959>