Cleanup hostname matching in syslogd:
1. Hostnames were not treated case insensitively in all cases. 2. The method for stripping hostnames when reading the syslog.conf differed from that when finding the hostname of an incoming request. This led to a broken match check. In my case, it meant I had to have '@scooter.smi.example.com.example.com' to have 'logger.example.com' properly save messages from 'scooter.smi.sendmail.com'. 3. Add paranoia to cfline() such that it doesn't try to access memory outside of the bounds of the f_host string. 4. While I am here, get rid of an outdated comment, argv[{0,1,2}] are now checked for NULL after the strdup() calls. Reviewed by: dwmalone MFC after: 1 week
parent
d8082d11aa
commit
4095c651b0
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=114676
@ -262,6 +262,7 @@ static int Debug; /* debug flag */
|
||||
static int resolve = 1; /* resolve hostname */
|
||||
static char LocalHostName[MAXHOSTNAMELEN]; /* our hostname */
|
||||
static char *LocalDomain; /* our local domain name */
|
||||
static int LocalDomainLen; /* length of LocalDomain */
|
||||
static int *finet; /* Internet datagram socket */
|
||||
static int fklog = -1; /* /dev/klog */
|
||||
static int Initialized; /* set when we have initialized ourselves */
|
||||
@ -306,7 +307,7 @@ static void logerror(const char *);
|
||||
static void logmsg(int, const char *, const char *, int);
|
||||
static void log_deadchild(pid_t, int, const char *);
|
||||
static void markit(void);
|
||||
static int skip_message(const char *, const char *);
|
||||
static int skip_message(const char *, const char *, int);
|
||||
static void printline(const char *, char *);
|
||||
static void printsys(char *);
|
||||
static int p_open(const char *, pid_t *);
|
||||
@ -763,7 +764,7 @@ static time_t now;
|
||||
* based on the specification.
|
||||
*/
|
||||
static int
|
||||
skip_message(const char *name, const char *spec) {
|
||||
skip_message(const char *name, const char *spec, int checkcase) {
|
||||
const char *s;
|
||||
char prev, next;
|
||||
int exclude = 0;
|
||||
@ -781,7 +782,10 @@ skip_message(const char *name, const char *spec) {
|
||||
default:
|
||||
break;
|
||||
}
|
||||
s = strstr (spec, name);
|
||||
if (checkcase)
|
||||
s = strstr (spec, name);
|
||||
else
|
||||
s = strcasestr (spec, name);
|
||||
|
||||
if (s != NULL) {
|
||||
prev = (s == spec ? ',' : *(s - 1));
|
||||
@ -884,11 +888,11 @@ logmsg(int pri, const char *msg, const char *from, int flags)
|
||||
continue;
|
||||
|
||||
/* skip messages with the incorrect hostname */
|
||||
if (skip_message(from, f->f_host))
|
||||
if (skip_message(from, f->f_host, 0))
|
||||
continue;
|
||||
|
||||
/* skip messages with the incorrect program name */
|
||||
if (skip_message(prog, f->f_program))
|
||||
if (skip_message(prog, f->f_program, 1))
|
||||
continue;
|
||||
|
||||
/* skip message to console if it has already been printed */
|
||||
@ -1272,9 +1276,8 @@ reapchild(int signo __unused)
|
||||
static const char *
|
||||
cvthname(struct sockaddr *f)
|
||||
{
|
||||
int error;
|
||||
int error, hl;
|
||||
sigset_t omask, nmask;
|
||||
char *p;
|
||||
static char hname[NI_MAXHOST], ip[NI_MAXHOST];
|
||||
|
||||
error = getnameinfo((struct sockaddr *)f,
|
||||
@ -1302,9 +1305,12 @@ cvthname(struct sockaddr *f)
|
||||
dprintf("Host name for your address (%s) unknown\n", ip);
|
||||
return (ip);
|
||||
}
|
||||
/* XXX Not quite correct, but close enough for government work. */
|
||||
if ((p = strchr(hname, '.')) && strcasecmp(p + 1, LocalDomain) == 0)
|
||||
*p = '\0';
|
||||
hl = strlen(hname);
|
||||
if (hl > 0 && hname[hl-1] == '.')
|
||||
hname[--hl] = '\0';
|
||||
if (hl > LocalDomainLen && hname[hl-LocalDomainLen] == '.' &&
|
||||
strcasecmp(hname + hl - LocalDomainLen + 1, LocalDomain) == 0)
|
||||
hname[hl-LocalDomainLen] = '\0';
|
||||
return (hname);
|
||||
}
|
||||
|
||||
@ -1403,6 +1409,7 @@ init(int signo)
|
||||
} else {
|
||||
LocalDomain = "";
|
||||
}
|
||||
LocalDomainLen = strlen(LocalDomain);
|
||||
|
||||
/*
|
||||
* Close all open log files.
|
||||
@ -1614,7 +1621,7 @@ cfline(const char *line, struct filed *f, const char *prog, const char *host)
|
||||
if (host && *host == '*')
|
||||
host = NULL;
|
||||
if (host) {
|
||||
int hl, dl;
|
||||
int hl;
|
||||
|
||||
f->f_host = strdup(host);
|
||||
if (f->f_host == NULL) {
|
||||
@ -1622,12 +1629,13 @@ cfline(const char *line, struct filed *f, const char *prog, const char *host)
|
||||
exit(1);
|
||||
}
|
||||
hl = strlen(f->f_host);
|
||||
if (f->f_host[hl-1] == '.')
|
||||
if (hl > 0 && f->f_host[hl-1] == '.')
|
||||
f->f_host[--hl] = '\0';
|
||||
dl = strlen(LocalDomain) + 1;
|
||||
if (hl > dl && f->f_host[hl-dl] == '.' &&
|
||||
strcasecmp(f->f_host + hl - dl + 1, LocalDomain) == 0)
|
||||
f->f_host[hl-dl] = '\0';
|
||||
if (hl > LocalDomainLen &&
|
||||
f->f_host[hl-LocalDomainLen] == '.' &&
|
||||
strcasecmp(f->f_host + hl - LocalDomainLen + 1,
|
||||
LocalDomain) == 0)
|
||||
f->f_host[hl-LocalDomainLen] = '\0';
|
||||
}
|
||||
|
||||
/* save program name if any */
|
||||
@ -2277,7 +2285,6 @@ p_open(const char *prog, pid_t *pid)
|
||||
return (-1);
|
||||
|
||||
case 0:
|
||||
/* XXX should check for NULL return */
|
||||
argv[0] = strdup("sh");
|
||||
argv[1] = strdup("-c");
|
||||
argv[2] = strdup(prog);
|
||||
|
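Review bot: The local-domain stripping added to cvthname() looks off by one, and the block added to cfline() repeats the same arithmetic on `f->f_host`. LocalDomainLen is `strlen(LocalDomain)` without the `+ 1` that the removed `dl` carried, so `hname[hl-LocalDomainLen]` tests the first character of the candidate domain rather than the dot before it, and the `strcasecmp` starts one byte late; as written the branch appears never to fire. A short host name in syslog.conf would then likely fail to match a sender that resolves to host.localdomain, and that host's messages would be skipped for the rule. I would index from the dot instead: `if (hl > LocalDomainLen + 1 && hname[hl-LocalDomainLen-1] == '.' &&` `strcasecmp(hname + hl - LocalDomainLen, LocalDomain) == 0)` `hname[hl-LocalDomainLen-1] = '\0';`, with the same change in cfline(). This assumes LocalDomain has no leading dot, which the removed `strcasecmp(p + 1, LocalDomain)` suggests; both functions start outside their hunks.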