diff options
| author | Juergen Daubert <jue@jue.li> | 2014-10-16 17:59:40 +0200 |
|---|---|---|
| committer | Juergen Daubert <jue@jue.li> | 2014-10-16 17:59:40 +0200 |
| commit | 520dab34ad9993eb440e1580033800550102f3fe (patch) | |
| tree | 3aed3159523b31bda9d2afee62133d85cae06ec3 /sysklogd | |
| parent | 4572183b7b3eb8cafb999edf185df6b4da694f1b (diff) | |
| download | core-520dab34ad9993eb440e1580033800550102f3fe.tar.gz core-520dab34ad9993eb440e1580033800550102f3fe.tar.xz | |
sysklogd: update to 1.5.1
Diffstat (limited to 'sysklogd')
| -rw-r--r-- | sysklogd/.md5sum | 3 | ||||
| -rw-r--r-- | sysklogd/Pkgfile | 15 | ||||
| -rw-r--r-- | sysklogd/sysklogd-1.5_CVE-2014-3634.diff | 91 |
3 files changed, 5 insertions, 104 deletions
diff --git a/sysklogd/.md5sum b/sysklogd/.md5sum index b0bf5206..f7742c82 100644 --- a/sysklogd/.md5sum +++ b/sysklogd/.md5sum @@ -1,6 +1,5 @@ 41dfad9077311e159c793216adf90723 rotatelog a1bb71ed6b0ce791cb7f9fa0089a09ef sysklogd -e053094e8103165f98ddafe828f6ae4b sysklogd-1.5.tar.gz -b87e652115b7b2d0cd1615a2323fcfbe sysklogd-1.5_CVE-2014-3634.diff +c70599ab0d037fde724f7210c2c8d7f8 sysklogd-1.5.1.tar.gz 844e5e75944beb8cf4f39a0535e56ba4 syslog f8d478b8d60c1d3879f4a10a955db6e5 syslog.conf diff --git a/sysklogd/Pkgfile b/sysklogd/Pkgfile index 379b8caa..6b1f8c88 100644 --- a/sysklogd/Pkgfile +++ b/sysklogd/Pkgfile @@ -3,21 +3,14 @@ # Maintainer: CRUX System Team, core-ports at crux dot nu name=sysklogd -version=1.5 -release=6 -source=(http://www.ibiblio.org/pub/Linux/system/daemons/$name-$version.tar.gz \ - rotatelog syslog syslog.conf sysklogd - $name-${version}_CVE-2014-3634.diff) +version=1.5.1 +release=1 +source=(http://www.infodrom.org/projects/$name/download/$name-$version.tar.gz \ + rotatelog syslog syslog.conf sysklogd) build() { cd $name-$version - # http://seclists.org/oss-sec/2014/q4/79 - patch -p1 -i $SRC/$name-${version}_CVE-2014-3634.diff - - # don't try to fclose(NULL) - sed -i -e '192d' ksym_mod.c - mkdir -p $PKG/usr/sbin \ $PKG/etc/{cron/weekly,rc.d} \ $PKG/var/log \ diff --git a/sysklogd/sysklogd-1.5_CVE-2014-3634.diff b/sysklogd/sysklogd-1.5_CVE-2014-3634.diff deleted file mode 100644 index bc64756f..00000000 --- a/sysklogd/sysklogd-1.5_CVE-2014-3634.diff +++ /dev/null @@ -1,91 +0,0 @@ -From 43797330e75d7d4687b7ae6926a996c3c85c2679 Mon Sep 17 00:00:00 2001 -From: mancha <mancha1 AT zoho DOT com> -Date: Wed, 1 Oct 2014 -Subject: CVE-2014-3634 - -Rainer Gerhards, rsyslog project leader, discovered an issue in rsyslogd -where invalid priority values can trigger DoS and potentially RCE. - -As his analysis reveals, the cause of the problem identified in rsyslog's -rsyslogd also exists in sysklogd's syslogd (from which rsyslogd was forked) -and stems from the use of a (LOG_FACMASK|LOG_PRIMASK) mask to detect invalid -priority values. - -In sysklogd's syslogd, invalid priority values between 192 and 1023 (directly -or arrived at via overflow wraparound) can propagate through code causing -out-of-bounds access to the f_pmask array within the 'filed' structure by up -to 104 bytes past its end. Though most likely insufficient to reach -unallocated memory because there are around 544 bytes past f_pmask in 'filed' -(mod packing and other differences), incorrect access of fields at higher -positions of the 'filed' structure definition can cause unexpected behavior -including message mis-classification, forwarding issues, message loss, -or other. - -This patch imposes a restriction on PRI message parts and requires they -be properly-delimited priority value strings that have non-negative -numerical values not exceeding 191. As before, sysklogd's syslogd permits -zero padding to not break compatibility with RFC-non-compliant loggers that -issue PRIs such as <0091>. Messages without well-formed PRI parts get -logged with priority user.notice (13). (c.f. RFC 3164) - -Thanks to Rainer Gerhards for the initial report and analysis. - -[1] http://www.rsyslog.com/remote-syslog-pri-vulnerability/ -[2] http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/ - ---- - syslogd.c | 25 +++++++++++++++++++------ - 1 file changed, 19 insertions(+), 6 deletions(-) - ---- a/syslogd.c -+++ b/syslogd.c -@@ -632,6 +632,8 @@ int funix[MAXFUNIX] = { -1, }; - #define TABLE_ALLPRI 0xFF /* Value to indicate all priorities in f_pmask */ - #define LOG_MARK LOG_MAKEPRI(LOG_NFACILITIES, 0) /* mark "facility" */ - -+#define MAX_PRI 191 /* Maximum Priority per RFC 3164 */ -+ - /* - * Flags to logmsg(). - */ -@@ -1491,23 +1493,34 @@ void printline(hname, msg) - register char *p, *q; - register unsigned char c; - char line[MAXLINE + 1]; -- int pri; -+ unsigned int pri; // Valid Priority values are 0-191 -+ int prilen=0; // Track Priority value string len -+ int msglen; - - /* test for special codes */ -+ msglen=strlen(msg); - pri = DEFUPRI; - p = msg; - - if (*p == '<') { - pri = 0; -- while (isdigit(*++p)) -- { -- pri = 10 * pri + (*p - '0'); -+ while (--msglen > 0 && isdigit((unsigned char)*++p) && -+ pri <= MAX_PRI) { -+ pri = 10 * pri + (*p - '0'); -+ prilen++; - } -- if (*p == '>') -+ if (*p == '>' && prilen) - ++p; -+ else { -+ pri = DEFUPRI; -+ p = msg; -+ } - } -- if (pri &~ (LOG_FACMASK|LOG_PRIMASK)) -+ -+ if ((pri &~ (LOG_FACMASK|LOG_PRIMASK)) || (pri > MAX_PRI)) { - pri = DEFUPRI; -+ p = msg; -+ } - - memset (line, 0, sizeof(line)); - q = line; |