Bug#605578: unblock: rsyslog/4.6.4-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: freeze-exception
Please unblock package rsyslog
It fixes a rather nasty bug in the TLS netstream driver which could lead
to a DoS.
Changelog:
rsyslog (4.6.4-2) unstable; urgency=low
* debian/patches/02-tls_loop_fix.patch
- Fix bug in TLS handling which could cause rsyslog to loop in a tight
loop and eating up all CPU and RAM resources. Closes: #549168
Patch cherry-picked from upstream Git.
-- Michael Biebl <biebl@debian.org> Tue, 30 Nov 2010 14:50:15 +0100
debdiff attached.
Thanks,
Michael
unblock rsyslog/4.6.4-2
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff --git a/debian/changelog b/debian/changelog
index d1f0088..ad31baf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+rsyslog (4.6.4-2) unstable; urgency=low
+
+ * debian/patches/02-tls_loop_fix.patch
+ - Fix bug in TLS handling which could cause rsyslog to loop in a tight
+ loop and eating up all CPU and RAM resources. Closes: #549168
+ Patch cherry-picked from upstream Git.
+
+ -- Michael Biebl <biebl@debian.org> Tue, 30 Nov 2010 14:50:15 +0100
+
rsyslog (4.6.4-1) unstable; urgency=low
* New upstream release.
diff --git a/debian/patches/02-tls_loop_fix.patch b/debian/patches/02-tls_loop_fix.patch
new file mode 100644
index 0000000..26992b4
--- /dev/null
+++ b/debian/patches/02-tls_loop_fix.patch
@@ -0,0 +1,59 @@
+commit 925504d565c6cf4a712dd8c8217891662aaf639e
+Author: Rainer Gerhards <rgerhards@adiscon.com>
+Date: Wed Nov 24 11:14:21 2010 +0100
+
+ bugfix(important): problem in TLS handling could cause rsyslog to loop
+
+ ... in a tight loop, effectively disabling functionality and bearing the
+ risk of unresponsiveness of the whole system.
+ Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194
+
+diff --git a/runtime/nsdsel_gtls.c b/runtime/nsdsel_gtls.c
+index c3a93be..1a389a0 100644
+--- a/runtime/nsdsel_gtls.c
++++ b/runtime/nsdsel_gtls.c
+@@ -76,6 +76,9 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp)
+ if(pNsdGTLS->iMode == 1) {
+ if(waitOp == NSDSEL_RD && gtlsHasRcvInBuffer(pNsdGTLS)) {
+ ++pThis->iBufferRcvReady;
++ dbgprintf("nsdsel_gtls: data already present in buffer, initiating "
++ "dummy select %p->iBufferRcvReady=%d\n",
++ pThis, pThis->iBufferRcvReady);
+ FINALIZE;
+ }
+ if(pNsdGTLS->rtryCall != gtlsRtry_None) {
+@@ -109,6 +112,7 @@ Select(nsdsel_t *pNsdsel, int *piNumReady)
+ if(pThis->iBufferRcvReady > 0) {
+ /* we still have data ready! */
+ *piNumReady = pThis->iBufferRcvReady;
++ dbgprintf("nsdsel_gtls: doing dummy select, data present\n");
+ } else {
+ iRet = nsdsel_ptcp.Select(pThis->pTcp, piNumReady);
+ }
+@@ -190,6 +194,9 @@ IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp, int *pbIsReady)
+ if(pNsdGTLS->iMode == 1) {
+ if(waitOp == NSDSEL_RD && gtlsHasRcvInBuffer(pNsdGTLS)) {
+ *pbIsReady = 1;
++ --pThis->iBufferRcvReady; /* one "pseudo-read" less */
++ dbgprintf("nsdl_gtls: dummy read, decermenting %p->iBufRcvReady, now %d\n",
++ pThis, pThis->iBufferRcvReady);
+ FINALIZE;
+ }
+ if(pNsdGTLS->rtryCall != gtlsRtry_None) {
+@@ -200,6 +207,16 @@ IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp, int *pbIsReady)
+ *pbIsReady = 0;
+ FINALIZE;
+ }
++ /* now we must ensure that we do not fall back to PTCP if we have
++ * done a "dummy" select. In that case, we know when the predicate
++ * is not matched here, we do not have data available for this
++ * socket. -- rgerhards, 2010-11-20
++ */
++ if(pThis->iBufferRcvReady) {
++ dbgprintf("nsd_gtls: dummy read, buffer not available for this FD\n");
++ *pbIsReady = 0;
++ FINALIZE;
++ }
+ }
+
+ CHKiRet(nsdsel_ptcp.IsReady(pThis->pTcp, pNsdGTLS->pTcp, waitOp, pbIsReady));
diff --git a/debian/patches/series b/debian/patches/series
index 2113a56..3bdc4f1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
# Debian patches for rsyslog
01-dont_create_db.patch
+02-tls_loop_fix.patch
Reply to: