OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rsyslog?expand=0&rev=3

2008-12-16 16:44:40 +00:00 · 2008-12-16 16:44:40 +00:00 · a9ec9f4a46
commit a9ec9f4a46
parent 4307d1ae68
4 changed files with 281 additions and 1 deletions
--- a/rsyslog-3.18.3-honor-AllowedSender.bnc457273.dif
+++ b/rsyslog-3.18.3-honor-AllowedSender.bnc457273.dif
@ -0,0 +1,233 @@
+--- net.c
+++ net.c	2008/12/15 12:01:28
+@@ -80,6 +80,31 @@
+ int     ACLAddHostnameOnFail = 0; /* add hostname to acl when DNS resolving has failed */
+ int     ACLDontResolve = 0;       /* add hostname to acl instead of resolving it to IP(s) */
+ 
+/* sets the correct allow root pointer based on provided type
+ * rgerhards, 2008-12-01
+ */
+static inline rsRetVal
+setAllowRoot(struct AllowedSenders **ppAllowRoot, uchar *pszType)
+{
+	DEFiRet;
+
+	if(!strcmp((char*)pszType, "UDP"))
+		*ppAllowRoot = pAllowedSenders_UDP;
+	else if(!strcmp((char*)pszType, "TCP"))
+		*ppAllowRoot = pAllowedSenders_TCP;
+#ifdef USE_GSSAPI
+	else if(!strcmp((char*)pszType, "GSS"))
+		*ppAllowRoot = pAllowedSenders_GSS;
+#endif
+	else {
+		dbgprintf("program error: invalid allowed sender ID '%s', denying...\n", pszType);
+		ABORT_FINALIZE(RS_RET_CODE_ERR); /* everything is invalid for an invalid type */
+	}
+
+finalize_it:
+	RETiRet;
+}
+
+ /* Code for handling allowed/disallowed senders
+  */
+ static inline void MaskIP6 (struct in6_addr *addr, uint8_t bits) {
+@@ -143,24 +168,28 @@
+ }
+ 
+ /* function to clear the allowed sender structure in cases where
+- * it must be freed (occurs most often when HUPed.
+- * TODO: reconsider recursive implementation
+- * I think there is also a memory leak, because only the last entry
+- * is acutally deleted... -- rgerhards, 2007-12-25
+ * it must be freed (occurs most often when HUPed).
+ * rgerhards, 2008-12-02: revamped this code when we fixed the
+ * interface definition. Now an iterative algorithm is used.
+  */
+-void clearAllowedSenders (struct AllowedSenders *pAllow)
+static void
+clearAllowedSenders(uchar *pszType)
+ {
+-	if (pAllow != NULL) {
+-		if (pAllow->pNext != NULL)
+-			clearAllowedSenders (pAllow->pNext);
+-		else {
+-			if (F_ISSET(pAllow->allowedSender.flags, ADDR_NAME))
+-				free (pAllow->allowedSender.addr.HostWildcard);
+-			else
+-				free (pAllow->allowedSender.addr.NetAddr);
+-			
+-			free (pAllow);
+-		}
+	struct AllowedSenders *pPrev;
+	struct AllowedSenders *pCurr;
+
+	if(setAllowRoot(&pCurr, pszType) != RS_RET_OK)
+		return;	/* if something went wrong, so let's leave */
+
+	while(pCurr != NULL) {
+		pPrev = pCurr;
+		pCurr = pCurr->pNext;
+		/* now delete the entry we are right now processing */
+		if(F_ISSET(pPrev->allowedSender.flags, ADDR_NAME))
+			free(pPrev->allowedSender.addr.HostWildcard);
+		else
+			free(pPrev->allowedSender.addr.NetAddr);
+		free(pPrev);
+ 	}
+ }
+ 
+@@ -545,12 +574,16 @@
+  * returns 1, if the sender is allowed, 0 otherwise.
+  * rgerhards, 2005-09-26
+  */
+-static int isAllowedSender(struct AllowedSenders *pAllowRoot, struct sockaddr *pFrom, const char *pszFromHost)
+static int isAllowedSender(uchar *pszType, struct sockaddr *pFrom, const char *pszFromHost)
+ {
+ 	struct AllowedSenders *pAllow;
+-	
+	struct AllowedSenders *pAllowRoot;
+
+ 	assert(pFrom != NULL);
+ 
+	if(setAllowRoot(&pAllowRoot, pszType) != RS_RET_OK)
+		return 0;	/* if something went wrong, we denie access - that's the better choice... */
+
+ 	if(pAllowRoot == NULL)
+ 		return 1; /* checking disabled, everything is valid! */
+ 	
+--- net.h
+++ net.h	2008/12/15 12:02:00
+@@ -92,19 +92,16 @@
+ 	/* things to go away after proper modularization */
+ 	rsRetVal (*addAllowedSenderLine)(char* pName, uchar** ppRestOfConfLine);
+ 	void (*PrintAllowedSenders)(int iListToPrint);
+-	void (*clearAllowedSenders) ();
+	void (*clearAllowedSenders)(uchar *pszType);
+ 	void (*debugListenInfo)(int fd, char *type);
+ 	int *(*create_udp_socket)(uchar *hostname, uchar *LogPort, int bIsServer);
+ 	void (*closeUDPListenSockets)(int *finet);
+-	int (*isAllowedSender)(struct AllowedSenders *pAllowRoot, struct sockaddr *pFrom, const char *pszFromHost);
+	int (*isAllowedSender)(uchar *pszType, struct sockaddr *pFrom, const char *pszFromHost);
+ 	rsRetVal (*getLocalHostname)(uchar**);
+ 	int (*should_use_so_bsdcompat)(void);
+ 	/* data memebers - these should go away over time... TODO */
+ 	int    *pACLAddHostnameOnFail; /* add hostname to acl when DNS resolving has failed */
+ 	int    *pACLDontResolve;       /* add hostname to acl instead of resolving it to IP(s) */
+-	struct AllowedSenders *pAllowedSenders_UDP;
+-	struct AllowedSenders *pAllowedSenders_TCP;
+-	struct AllowedSenders *pAllowedSenders_GSS;
+ ENDinterface(net)
+ #define netCURR_IF_VERSION 2 /* increment whenever you change the interface structure! */
+ 
+--- plugins/imgssapi/imgssapi.c
+++ plugins/imgssapi/imgssapi.c	2008/12/15 12:08:07
+@@ -172,10 +172,10 @@
+ 	pGSess = (gss_sess_t*) pUsrSess;
+ 
+ 	if((pGSrv->allowedMethods & ALLOWEDMETHOD_TCP) &&
+-	   net.isAllowedSender(net.pAllowedSenders_TCP, addr, (char*)fromHostFQDN))
+	   net.isAllowedSender((uchar*)"TCP", addr, (char*)fromHostFQDN))
+ 		allowedMethods |= ALLOWEDMETHOD_TCP;
+ 	if((pGSrv->allowedMethods & ALLOWEDMETHOD_GSS) &&
+-	   net.isAllowedSender(net.pAllowedSenders_GSS, addr, (char*)fromHostFQDN))
+	   net.isAllowedSender((uchar*)"GSS", addr, (char*)fromHostFQDN))
+ 		allowedMethods |= ALLOWEDMETHOD_GSS;
+ 	if(allowedMethods && pGSess != NULL)
+ 		pGSess->allowedMethods = allowedMethods;
+@@ -645,14 +645,8 @@
+ BEGINafterRun
+ CODESTARTafterRun
+ 	/* do cleanup here */
+-	if (net.pAllowedSenders_TCP != NULL) {
+-		net.clearAllowedSenders (net.pAllowedSenders_TCP);
+-		net.pAllowedSenders_TCP = NULL;
+-	}
+-	if (net.pAllowedSenders_GSS != NULL) {
+-		net.clearAllowedSenders (net.pAllowedSenders_GSS);
+-		net.pAllowedSenders_GSS = NULL;
+-	}
+	net.clearAllowedSenders((uchar*)"TCP");
+	net.clearAllowedSenders((uchar*)"GSS");
+ ENDafterRun
+ 
+ 
+--- plugins/imrelp/imrelp.c
+++ plugins/imrelp/imrelp.c	2008/12/15 11:20:57
+@@ -64,7 +64,7 @@
+ isPermittedHost(struct sockaddr *addr, char *fromHostFQDN, void __attribute__((unused)) *pUsrSrv,
+ 	        void __attribute__((unused)) *pUsrSess)
+ {
+-	return net.isAllowedSender(net.pAllowedSenders_TCP, addr, fromHostFQDN);
+	return net.isAllowedSender((uchar*) "TCP", addr, fromHostFQDN);
+ }
+ 
+ #endif // #if 0
+@@ -135,10 +135,7 @@
+ CODESTARTafterRun
+ 	/* do cleanup here */
+ #if 0
+-	if(net.pAllowedSenders_TCP != NULL) {
+-		net.clearAllowedSenders(net.pAllowedSenders_TCP);
+-		net.pAllowedSenders_TCP = NULL;
+-	}
+	net.clearAllowedSenders((uchar*)"TCP");
+ #endif
+ ENDafterRun
+ 
+--- plugins/imtcp/imtcp.c
+++ plugins/imtcp/imtcp.c	2008/12/15 12:08:36
+@@ -66,7 +66,7 @@
+ isPermittedHost(struct sockaddr *addr, char *fromHostFQDN, void __attribute__((unused)) *pUsrSrv,
+ 	        void __attribute__((unused)) *pUsrSess)
+ {
+-	return net.isAllowedSender(net.pAllowedSenders_TCP, addr, fromHostFQDN);
+	return net.isAllowedSender((uchar*)"TCP", addr, fromHostFQDN);
+ }
+ 
+ 
+@@ -158,10 +158,7 @@
+ BEGINafterRun
+ CODESTARTafterRun
+ 	/* do cleanup here */
+-	if(net.pAllowedSenders_TCP != NULL) {
+-		net.clearAllowedSenders(net.pAllowedSenders_TCP);
+-		net.pAllowedSenders_TCP = NULL;
+-	}
+	net.clearAllowedSenders((uchar*)"TCP");
+ ENDafterRun
+ 
+ 
+--- plugins/imudp/imudp.c
+++ plugins/imudp/imudp.c	2008/12/15 12:09:02
+@@ -189,7 +189,7 @@
+ 							* configured to do this).
+ 							* rgerhards, 2005-09-26
+ 							*/
+-						       if(net.isAllowedSender(net.pAllowedSenders_UDP,
+						       if(net.isAllowedSender((uchar*)"UDP",
+ 							  (struct sockaddr *)&frominet, (char*)fromHostFQDN)) {
+ 							       parseAndSubmitMessage((char*)fromHost, (char*) pRcvBuf, l,
+ 							       MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_NO_DELAY);
+@@ -238,10 +238,7 @@
+ BEGINafterRun
+ CODESTARTafterRun
+ 	/* do cleanup here */
+-	if (net.pAllowedSenders_UDP != NULL) {
+-		net.clearAllowedSenders (net.pAllowedSenders_UDP);
+-		net.pAllowedSenders_UDP = NULL;
+-	}
+	net.clearAllowedSenders((uchar*)"UDP");
+ 	if(udpLstnSocks != NULL)
+ 		net.closeUDPListenSockets(udpLstnSocks);
+ 	if(pRcvBuf != NULL)
+--- rsyslog.h
+++ rsyslog.h	2008/12/15 12:13:12
+@@ -172,6 +172,7 @@
+ 	RS_RET_MAIL_NO_TO = -2071, /**< recipient for mail destination is missing */
+ 	RS_RET_MAIL_NO_FROM = -2072, /**< sender for mail destination is missing */
+ 	RS_RET_INVALID_PRI = -2073, /**< PRI value is invalid */
+	RS_RET_CODE_ERR = -2109, /**< program code (internal) error */
+ 
+ 	/* RainerScript error messages (range 1000.. 1999) */
+ 	RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */
--- a/rsyslog-3.18.3-imudp-discard-msg-DoS.bnc457273.dif
+++ b/rsyslog-3.18.3-imudp-discard-msg-DoS.bnc457273.dif
@ -0,0 +1,30 @@
+--- plugins/imudp/imudp.c
+++ plugins/imudp/imudp.c	2008/12/15 13:43:31
+@@ -49,6 +49,10 @@
+ DEFobjCurrIf(errmsg)
+ DEFobjCurrIf(net)
+ 
+static time_t ttLastDiscard = 0;	/* timestamp when a message from a non-permitted sender was last discarded
+					 * This shall prevent remote DoS when the "discard on disallowed sender"
+					 * message is configured to be logged on occurance of such a case.
+					 */
+ static int *udpLstnSocks = NULL;	/* Internet datagram sockets, first element is nbr of elements
+ 					 * read-only after init(), but beware of restart! */
+ static uchar *pszBindAddr = NULL;	/* IP to bind socket to */
+@@ -196,8 +200,15 @@
+ 						       } else {
+ 							       dbgprintf("%s is not an allowed sender\n", (char*)fromHostFQDN);
+ 							       if(option_DisallowWarning) {
+-								       errmsg.LogError(NO_ERRCODE, "UDP message from disallowed sender %s discarded",
+									time_t tt;
+
+									time(&tt);
+									if(tt > ttLastDiscard + 60) {
+										ttLastDiscard = tt;
+										errmsg.LogError(NO_ERRCODE,
+										"UDP message from disallowed sender %s discarded",
+ 										  (char*)fromHost);
+									}
+ 							       }	
+ 						       }
+ 					       }
--- a/rsyslog.changes
+++ b/rsyslog.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Dec 15 14:51:08 CET 2008 - mt@suse.de
+
+- Security fix to honor $AllowedSender settings (bnc#457273).
+- Security fix [DoS] from 3.20.2 to emit a discard message every
+  minute only (when DisallowWarning enabled) instead of every time;
+  this prevernts an attacker can fill the disk (bnc#457273).
+
 -------------------------------------------------------------------
 Wed Sep 10 15:11:05 CEST 2008 - schwab@suse.de

--- a/rsyslog.spec
+++ b/rsyslog.spec
@ -23,7 +23,7 @@ Name:           rsyslog
 %define         rsyslog_docdir %{_docdir}/%{name}
 %define         install_all_modules_in_lib 0
 Version:        3.18.3
-Release:        4
+Release:        7
 License:        GPL v3 or later
 Group:          System/Daemons
 Summary:        Rsyslog, the enhanced syslogd for Linux and Unix
@ -36,6 +36,8 @@ Source3:        rsyslog.early.conf.in
 Source4:        rsyslog.d.remote.conf.in
 Patch0:         %{name}-%{upstream_version}.dif
 Patch1:         %{name}-%{upstream_version}-moddirs.dif
+Patch2:         %{name}-%{upstream_version}-honor-AllowedSender.bnc457273.dif
+Patch3:         %{name}-%{upstream_version}-imudp-discard-msg-DoS.bnc457273.dif
 AutoReqProv:    on
 PreReq:         %insserv_prereq %fillup_prereq /sbin/klogd /etc/init.d/syslog /sbin/checkproc
 Provides:       syslog
@ -167,6 +169,8 @@ Authors:
 dos2unix doc/*.html
 %patch0 -p0
 %patch1 -p0
+%patch2 -p0
+%patch3 -p0

 %build
 export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -W -Wall"
@ -442,6 +446,11 @@ fi
 %endif

 %changelog
+* Mon Dec 15 2008 mt@suse.de
+- Security fix to honor $AllowedSender settings (bnc#457273).
+- Security fix [DoS] from 3.20.2 to emit a discard message every
+  minute only (when DisallowWarning enabled) instead of every time;
+  this prevernts an attacker can fill the disk (bnc#457273).
 * Wed Sep 10 2008 schwab@suse.de
 - Run autoreconf.
 * Tue Sep 09 2008 mt@suse.de