Date: Sat, 26 Mar 2005 18:00:52 GMT From: Shuichi KITAGUCHI <kit@ysnb.net> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/79260: syslogd may accept illegal facility number from remote. Message-ID: <200503261800.j2QI0qWa011959@www.freebsd.org> Resent-Message-ID: <200503261810.j2QIA2be009104@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 79260
>Category: bin
>Synopsis: syslogd may accept illegal facility number from remote.
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Mar 26 18:10:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Shuichi KITAGUCHI
>Release: 6-CURRENT (but all releases may affected)
>Organization:
>Environment:
FreeBSD rhea.k.ysnb.net 6.0-CURRENT FreeBSD 6.0-CURRENT #0: Sat Mar 19 22:27:19 JST 2005 root@rhea.k.ysnb.net:/spool/sys/obj/data/sys/src/sys/RHEA i386
>Description:
syslogd can accept priority number which larger than LOG_NFACILITIES from remote host. but in struct filed, member variable f_pmask array and f_pcmp array is limited to LOG_NFACILITIES. therefore syslogd access invalid address in logmsg() when facility is larger than LOG_NFACILITIES.
>How-To-Repeat:
send syslog message which facility is larger than LOG_NFACILITIES from remote host.
>Fix:
I think following patch should fix this problem.
--- syslogd.c.old Mon Mar 21 22:19:01 2005
+++ syslogd.c Sun Mar 27 02:44:07 2005
@@ -918,6 +918,12 @@
fac = LOG_FAC(pri);
prilev = LOG_PRI(pri);
+ /* check maximum facility number */
+ if (fac > LOG_NFACILITIES){
+ (void)sigsetmask(omask);
+ return;
+ }
+
/* extract program name */
for (i = 0; i < NAME_MAX; i++) {
if (!isprint(msg[i]) || msg[i] == ':' || msg[i] == '[' ||
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503261800.j2QI0qWa011959>