Date:      Tue, 24 Mar 2020 18:16:37 +0000 (UTC)
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r359276 - head/usr.sbin/newsyslog
Message-ID:  <202003241816.02OIGbCM003941@repo.freebsd.org>

Author: markj
Date: Tue Mar 24 18:16:36 2020
New Revision: 359276
URL: https://svnweb.freebsd.org/changeset/base/359276

Log:
  newsyslog: Fix stack corruption when initializing a zipwork structure.
  
  This happens when compressing a previously uncompressed already-rotated
  file, as happens when handling the 'p' flag in newsyslog.conf.  The file
  name is stored in a flexible array member, so these structures cannot be
  stack allocated.
  
  Also make sure that we call change_attrs() and do_zipwork() in dry-run
  mode; they handle this properly, contrary to the commit log message for
  r327451.
  
  CID:		1008168
  Github PR:	https://github.com/freebsd/freebsd/pull/427
  MFC after:	2 weeks
  Submitted by:	Radek Brich (original version)

Modified:
  head/usr.sbin/newsyslog/newsyslog.c

Modified: head/usr.sbin/newsyslog/newsyslog.c
==============================================================================
--- head/usr.sbin/newsyslog/newsyslog.c	Tue Mar 24 18:16:02 2020	(r359275)
+++ head/usr.sbin/newsyslog/newsyslog.c	Tue Mar 24 18:16:36 2020	(r359276)
@@ -1829,17 +1829,23 @@ do_rotate(const struct conf_entry *ent)
 		else {
 			/* XXX - Ought to be checking for failure! */
 			(void)rename(zfile1, zfile2);
-			change_attrs(zfile2, ent);
-			if (ent->compress && !strlen(logfile_suffix)) {
-				/* compress old rotation */
-				struct zipwork_entry zwork;
+		}
+		change_attrs(zfile2, ent);
+		if (ent->compress && strlen(logfile_suffix) == 0) {
+			/* compress old rotation */
+			struct zipwork_entry *zwork;
+			size_t sz;
 
-				memset(&zwork, 0, sizeof(zwork));
-				zwork.zw_conf = ent;
-				zwork.zw_fsize = sizefile(zfile2);
-				strcpy(zwork.zw_fname, zfile2);
-				do_zipwork(&zwork);
-			}
+			sz = sizeof(*zwork) + strlen(zfile2) + 1;
+			zwork = calloc(1, sz);
+			if (zwork == NULL)
+				err(1, "calloc");
+
+			zwork->zw_conf = ent;
+			zwork->zw_fsize = sizefile(zfile2);
+			strcpy(zwork->zw_fname, zfile2);
+			do_zipwork(zwork);
+			free(zwork);
 		}
 	}
 
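Review bot: The rename(zfile1, zfile2) result is still discarded (the XXX comment stays), yet the hoisted block after the else now calls change_attrs(zfile2, ent), sizefile(zfile2) and do_zipwork(zwork) unconditionally, so a failed rename goes on to chmod/chown and compress a path that may not be the file that was meant to be rotated. Since this code is being restructured anyway, consider checking the rename() return value and skipping the attribute change and compression when it fails. A one-line comment at the calloc() saying that zw_fname is a flexible array member, which is why the allocation is sizeof(*zwork) + strlen(zfile2) + 1, would also help keep this from being turned back into a stack variable later. The strcpy() into zw_fname is in bounds because sz is computed from the same string, but the length is measured twice; storing strlen(zfile2) + 1 once and copying with memcpy() of that length would make the bound explicit.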


