| Summary: | app-admin/syslog-ng-3.2.4: segfault when having an invalid flag in the configuration file | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | roltel <roland.schnabel> |
| Component: | Current packages | Assignee: | Mr. Bones. (RETIRED) <mr_bones_> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: | syslog-ng-3.2.4-cfgparser-fix.patch | ||
Just forgot to mention that the segfault was introduced with version 3.2. Syslog-ng-3.1.x and older did not show this behavior.

Created attachment 272939
syslog-ng-3.2.4-cfgparser-fix.patch

Something like this should probably work.

Yes, works for me. No more segfault. Syslog-ng now shows the line and position of the invalid flag.

I think this is fixed in later syslog-ng versions.

If you define a flag in your syslog-ng configuration file that is not supported by syslog-ng, syslog-ng segfaults if you try to start the service:

    /etc/init.d/syslog-ng: line 22: 10842 Segmentation fault syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf
     * Configuration error. Please fix your configfile (/etc/syslog-ng/syslog-ng.conf) [ !! ]
     * ERROR: syslog-ng failed to start

Reproducible: Always

Steps to Reproduce:
1. Edit /etc/syslog-ng/syslog-ng.conf and add an invalid flag to configuration line (e.g.: destination df_dummy { file("/var/log/dummy" flags(invalid-flag)); };
2. Start the syslog-ng service ( rc-config start syslog-ng )

Actual Results:
Syslog-ng segfaults, the service does not start

Expected Results:
Syslog-ng should only print a message about an invalid configuration. The segmentation fault is highly irritating because it suggests that there is something wrong with the compilation / glibc is broken / etc.

The init-script of syslog-ng first tries to validate the configuration file:

    syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf

The error occurs in the source file lib/cfg-parser.c #263

    for (h = 0; handlers[h].name; h++)
      {
        CfgFlagHandler *handler = &handlers[h];
        if (strcmp(handlers[h].name, flag) == 0)
          {
            switch (handler->op)
            ...

The loop goes through all flags known to syslog-ng and tries to match it to the current flag which is read from the configuration file. The idea is that the for-loop will stop as soon as handlers[h].name == NULL. I debugged this code, and saw that handlers[h].name never equals NULL. After reaching the end of the array, handlers[h].name points to some random memory location. strcmp() then tries to access this invalid memory location and crashes.

I think there are 2 problems to be fixed here:
1. The for-loop should terminate by reaching the max. number of elements in the array, and not by looking at the value of a string address. Alternatively you have to make absolutely sure that the last element in the array contains a NULL address for the name variable.
2. strcmp() should be replaced by strncmp() to make sure that only a certain number of characters are used for comparison. In that way strcmp() would not crash even if one of the strings points to a string address that is not \0 terminated.
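
The first fix proposed in the report above (bound the loop by the number of array elements instead of relying only on a NULL name), as an added C example; it is not syslog-ng's code and not the attached patch. The `FlagHandler` type, the table contents and the function names are hypothetical and the tables are constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a flag table entry; not syslog-ng's CfgFlagHandler. */
typedef struct {
    const char *name;  /* keyword as written inside flags(...) */
    unsigned    bit;   /* option bit the keyword sets */
} FlagHandler;

#define N_ELEMENTS(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed table with the explicit NULL sentinel as its last entry. */
static const FlagHandler terminated_flags[] =
    { { "no-parse", 0x1 }, { "threaded", 0x4 }, { NULL, 0 } };

/* Constructed table where the sentinel was forgotten, the case in the report. */
static const FlagHandler unterminated_flags[] =
    { { "no-parse", 0x1 }, { "threaded", 0x4 } };

/* Stops at `count` entries or at a NULL name, whichever comes first, so a
 * missing sentinel cannot turn an unknown flag into a read past the array. */
static const FlagHandler *find_flag(const FlagHandler *table, size_t count, const char *flag)
{
    for (size_t h = 0; h < count && table[h].name != NULL; h++) {
        if (strcmp(table[h].name, flag) == 0)
            return &table[h];
    }
    return NULL;
}

/* Returns 0 and sets the bit for a known flag; returns -1 for an unknown one. */
static int apply_flag(const FlagHandler *table, size_t count, const char *flag, unsigned *opts)
{
    const FlagHandler *h = find_flag(table, count, flag);
    if (h == NULL) {
        fprintf(stderr, "config error: unknown flag '%s'\n", flag);
        return -1;
    }
    *opts |= h->bit;
    return 0;
}

int main(void)
{
    unsigned opts = 0;
    int rc = apply_flag(unterminated_flags, N_ELEMENTS(unterminated_flags), "invalid-flag", &opts);
    printf("rc=%d opts=0x%x\n", rc, opts);
    return 0;
}
```

With the element count passed in, the unknown flag produces an error return on both tables, including the one without a sentinel.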