From 7454d7ca9035de67d6961790cc9bbde79d80687f Mon Sep 17 00:00:00 2001
From: bluhm <bluhm@openbsd.org>
Date: Mon, 25 May 2020 10:38:32 +0000
Subject: When DNS lookup of an UDP loghost failed, syslogd(8) did close the
 UDP sockets for sending messages.  Keep the sockets open if the config allows
 to send UDP.  Then they can be used to send if DNS is working during the next
 SIGHUP. bug reported and fix tested by sven falempin; OK millert@

---
 usr.sbin/syslogd/syslogd.c | 43 ++++++++++++++++++++++++-------------------
 1 file changed, 24 insertions(+), 19 deletions(-)

(limited to 'usr.sbin/syslogd')

diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c
index be63e9403c8..bbdce6b7c2e 100644
--- a/usr.sbin/syslogd/syslogd.c
+++ b/usr.sbin/syslogd/syslogd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: syslogd.c,v 1.262 2019/07/05 13:23:27 bluhm Exp $	*/
+/*	$OpenBSD: syslogd.c,v 1.263 2020/05/25 10:38:32 bluhm Exp $	*/
 
 /*
  * Copyright (c) 2014-2017 Alexander Bluhm <bluhm@genua.de>
@@ -853,20 +853,6 @@ main(int argc, char *argv[])
 			event_add(ev_udp, NULL);
 		if (fd_udp6 != -1)
 			event_add(ev_udp6, NULL);
-	} else {
-		/*
-		 * If generic UDP file descriptors are used neither
-		 * for receiving nor for sending, close them.  Then
-		 * there is no useless *.514 in netstat.
-		 */
-		if (fd_udp != -1 && !send_udp) {
-			close(fd_udp);
-			fd_udp = -1;
-		}
-		if (fd_udp6 != -1 && !send_udp6) {
-			close(fd_udp6);
-			fd_udp6 = -1;
-		}
 	}
 	for (i = 0; i < nbind; i++)
 		if (fd_bind[i] != -1)
@@ -2416,6 +2402,7 @@ init(void)
 	s = 0;
 	strlcpy(progblock, "*", sizeof(progblock));
 	strlcpy(hostblock, "*", sizeof(hostblock));
+	send_udp = send_udp6 = 0;
 	while (getline(&cline, &s, cf) != -1) {
 		/*
 		 * check for end-of-section, comments, strip off trailing
@@ -2508,6 +2495,22 @@ init(void)
 	Initialized = 1;
 	dropped_warn(&init_dropped, "during initialization");
 
+	if (SecureMode) {
+		/*
+		 * If generic UDP file descriptors are used neither
+		 * for receiving nor for sending, close them.  Then
+		 * there is no useless *.514 in netstat.
+		 */
+		if (fd_udp != -1 && !send_udp) {
+			close(fd_udp);
+			fd_udp = -1;
+		}
+		if (fd_udp6 != -1 && !send_udp6) {
+			close(fd_udp6);
+			fd_udp6 = -1;
+		}
+	}
+
 	if (Debug) {
 		SIMPLEQ_FOREACH(f, &Files, f_next) {
 			for (i = 0; i <= LOG_NFACILITIES; i++)
@@ -2704,20 +2707,24 @@ cfline(char *line, char *progblock, char *hostblock)
 		}
 		if (proto == NULL)
 			proto = "udp";
-		ipproto = proto;
 		if (strcmp(proto, "udp") == 0) {
 			if (fd_udp == -1)
 				proto = "udp6";
 			if (fd_udp6 == -1)
 				proto = "udp4";
-			ipproto = proto;
+		}
+		ipproto = proto;
+		if (strcmp(proto, "udp") == 0) {
+			send_udp = send_udp6 = 1;
 		} else if (strcmp(proto, "udp4") == 0) {
+			send_udp = 1;
 			if (fd_udp == -1) {
 				log_warnx("no udp4 \"%s\"",
 				    f->f_un.f_forw.f_loghost);
 				break;
 			}
 		} else if (strcmp(proto, "udp6") == 0) {
+			send_udp6 = 1;
 			if (fd_udp6 == -1) {
 				log_warnx("no udp6 \"%s\"",
 				    f->f_un.f_forw.f_loghost);
@@ -2761,11 +2768,9 @@ cfline(char *line, char *progblock, char *hostblock)
 		if (strncmp(proto, "udp", 3) == 0) {
 			switch (f->f_un.f_forw.f_addr.ss_family) {
 			case AF_INET:
-				send_udp = 1;
 				f->f_file = fd_udp;
 				break;
 			case AF_INET6:
-				send_udp6 = 1;
 				f->f_file = fd_udp6;
 				break;
 			}
-- 
cgit v1.2.3-59-g8ed1b