React properly to the very unlikely cases where snprintf(3) may

fail. Log the message without formating, that is the best syslogd(8) can do. OK deraadt@
author: bluhm <bluhm@openbsd.org> 2019-07-02 13:17:27 +0000
committer: bluhm <bluhm@openbsd.org> 2019-07-02 13:17:27 +0000
commit: 2dc9d30c66b296f4d7fa9937ed06ef5326b3d6f0 (patch)
tree: 0f2ab4549c4f15c6a8914e4d21aaaafc605d77de /usr.sbin/syslogd
parent: up_generate_default() needs to fake a prefix entry so that the outbound (diff)
download: wireguard-openbsd-2dc9d30c66b296f4d7fa9937ed06ef5326b3d6f0.tar.xz
wireguard-openbsd-2dc9d30c66b296f4d7fa9937ed06ef5326b3d6f0.zip
1 files changed, 35 insertions, 13 deletions
diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c
index cd3ce8cc63a..b84454987d9 100644
--- a/usr.sbin/syslogd/syslogd.c
+++ b/usr.sbin/syslogd/syslogd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: syslogd.c,v 1.260 2019/06/28 13:32:51 deraadt Exp $	*/
+/*	$OpenBSD: syslogd.c,v 1.261 2019/07/02 13:17:27 bluhm Exp $	*/
 
 /*
  * Copyright (c) 2014-2017 Alexander Bluhm <bluhm@genua.de>
@@ -1639,9 +1639,14 @@ printsys(char *msg)
 	int c, pri, flags;
 	char *lp, *p, *q, line[LOG_MAXLINE + 1];
 	size_t prilen;
+	int l;
 
-	(void)snprintf(line, sizeof line, "%s: ", _PATH_UNIX);
-	lp = line + strlen(line);
+	l = snprintf(line, sizeof(line), "%s: ", _PATH_UNIX);
+	if (l < 0 || l >= sizeof(line)) {
+		line[0] = '\0';
+		l = 0;
+	}
+	lp = line + l;
 	for (p = msg; *p != '\0'; ) {
 		flags = SYNC_FILE | ADDDATE;	/* fsync file after write */
 		pri = DEFSPRI;
@@ -1666,11 +1671,15 @@ void
 vlogmsg(int pri, const char *proc, const char *fmt, va_list ap)
 {
 	char	msg[ERRBUFSIZE];
-	size_t	l;
+	int	l;
 
 	l = snprintf(msg, sizeof(msg), "%s[%d]: ", proc, getpid());
-	if (l < sizeof(msg))
-		vsnprintf(msg + l, sizeof(msg) - l, fmt, ap);
+	if (l < 0 || l >= sizeof(msg))
+		l = 0;
+	l = vsnprintf(msg + l, sizeof(msg) - l, fmt, ap);
+	if (l < 0)
+		strlcpy(msg, fmt, sizeof(msg));
+
 	if (!Started) {
 		fprintf(stderr, "%s\n", msg);
 		init_dropped++;
@@ -1908,8 +1917,12 @@ fprintlog(struct filed *f, int flags, char *msg)
 		l = snprintf(greetings, sizeof(greetings),
 		    "\r\n\7Message from syslogd@%s at %.24s ...\r\n",
 		    f->f_prevhost, ctime(&now.tv_sec));
-		if (l < 0 || (size_t)l >= sizeof(greetings))
-			l = strlen(greetings);
+		if (l < 0)
+			l = strlcpy(greetings,
+			    "\r\n\7Message from syslogd ...\r\n",
+			    sizeof(greetings));
+		if (l >= sizeof(greetings))
+			l = sizeof(greetings) - 1;
 		v->iov_base = greetings;
 		v->iov_len = l;
 		v++;
@@ -1953,8 +1966,11 @@ fprintlog(struct filed *f, int flags, char *msg)
 	} else if (f->f_prevcount > 1) {
 		l = snprintf(repbuf, sizeof(repbuf),
 		    "last message repeated %d times", f->f_prevcount);
-		if (l < 0 || (size_t)l >= sizeof(repbuf))
-			l = strlen(repbuf);
+		if (l < 0)
+			l = strlcpy(repbuf, "last message repeated",
+			    sizeof(repbuf));
+		if (l >= sizeof(repbuf))
+			l = sizeof(repbuf) - 1;
 		v->iov_base = repbuf;
 		v->iov_len = l;
 	} else {
@@ -1978,8 +1994,12 @@ fprintlog(struct filed *f, int flags, char *msg)
 		    IncludeHostname ? LocalHostName : "",
 		    IncludeHostname ? " " : "",
 		    (char *)iov[4].iov_base);
-		if (l < 0 || (size_t)l > MINIMUM(MAX_UDPMSG, sizeof(line)))
-			l = MINIMUM(MAX_UDPMSG, sizeof(line));
+		if (l < 0)
+			l = strlcpy(line, iov[4].iov_base, sizeof(line));
+		if (l >= sizeof(line))
+			l = sizeof(line) - 1;
+		if (l >= MAX_UDPMSG + 1)
+			l = MAX_UDPMSG;
 		if (sendto(f->f_file, line, l, 0,
 		    (struct sockaddr *)&f->f_un.f_forw.f_addr,
 		    f->f_un.f_forw.f_addr.ss_len) != l) {
@@ -2149,9 +2169,11 @@ fprintlog(struct filed *f, int flags, char *msg)
 
 	case F_MEMBUF:
 		log_debug("%s", "");
-		snprintf(line, sizeof(line), "%.32s %s %s",
+		l = snprintf(line, sizeof(line), "%.32s %s %s",
 		    (char *)iov[0].iov_base, (char *)iov[2].iov_base,
 		    (char *)iov[4].iov_base);
+		if (l < 0)
+			l = strlcpy(line, iov[4].iov_base, sizeof(line));
 		if (ringbuf_append_line(f->f_un.f_mb.f_rb, line) == 1)
 			f->f_un.f_mb.f_overflow = 1;
 		if (f->f_un.f_mb.f_attached)
author	bluhm <bluhm@openbsd.org>	2019-07-02 13:17:27 +0000
committer	bluhm <bluhm@openbsd.org>	2019-07-02 13:17:27 +0000
commit	2dc9d30c66b296f4d7fa9937ed06ef5326b3d6f0 (patch)
tree	0f2ab4549c4f15c6a8914e4d21aaaafc605d77de /usr.sbin/syslogd
parent	up_generate_default() needs to fake a prefix entry so that the outbound (diff)
download	wireguard-openbsd-2dc9d30c66b296f4d7fa9937ed06ef5326b3d6f0.tar.xz wireguard-openbsd-2dc9d30c66b296f4d7fa9937ed06ef5326b3d6f0.zip