[Bug 1059592] [NEW] Message and memory corruption in rsyslog

Launchpad Bug Tracker 1059592 at bugs.launchpad.net
Wed Nov 21 17:21:13 UTC 2012 

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Chris J Arges (christopherarges):

When using the RFC5424 format, I've seen a number of corruptions in the
messages (missing messages and unprintable characters). I've also had
rsyslog crash out with "*** glibc detected *** rsyslogd: corrupted
double-linked list: ... ***".  The message corruptions match this
upstream bug - http://bugzilla.adiscon.com/show_bug.cgi?id=296

Based on the bug fixes to rsyslog between 5.8.6 and 5.10.0, it appears
that there have been various race conditions and memory corruption
issues that have since been fixed (5.8.6 is now nearly a year old).

In addition, rsyslog has some errors in the RFC5424 format that would
also be fixed by an update to 5.10.0 (like the nil value for PID and the
hostname in "last message repeated X times")

System information:
Ubuntu 12.04 LTS
rsyslog 5.8.6-1ubuntu8

--

Quantal/Precise SRU Justification

[Impact] 
 * If rsyslogd is configured using the RFC5424 format, messages can become corrupted and rsyslogd can potentially crash.

[Test Case]
 * Enable RFC5424 format logging by adding the following to /etc/rsyslog.conf
   $ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Fromat
 * Eventually crashes/corruption can occur. The reporter in the upstream bug also had dynamic file templates that could also irritate this bug.

[Regression Potential] 
 * This patch is already present in upstream rsyslogd, and the patch cleanly backports to precise/quantal.
 * This patch modifies the message locking to ensure proper locking using the alternative format. Thus, testing using the traditional (default) format and RFC5424 format are needed.

[Other Info]
 * Upstream bug: http://bugzilla.adiscon.com/show_bug.cgi?id=296
 * Upstream patch: http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=791b16ce06d75944e338a6e5fa14c0394bde6f1d

** Affects: rsyslog (Ubuntu)
     Importance: High
         Status: In Progress

** Affects: rsyslog (Ubuntu Precise)
     Importance: High
     Assignee: Chris J Arges (christopherarges)
         Status: In Progress

** Affects: rsyslog (Ubuntu Quantal)
     Importance: High
     Assignee: Chris J Arges (christopherarges)
         Status: In Progress

** Affects: rsyslog (Ubuntu Raring)
     Importance: High
         Status: In Progress

-- 
Message and memory corruption in rsyslog
https://bugs.launchpad.net/bugs/1059592
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.

More information about the Ubuntu-sponsors mailing list