[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#605578: marked as done (unblock: rsyslog/4.6.4-2)

Your message dated Wed, 1 Dec 2010 16:26:13 +0100
with message-id <[🔎] 20101201152613.GB28635@dogguy.org>
and subject line Re: Bug#605578: unblock: rsyslog/4.6.4-2
has caused the Debian Bug report #605578,
regarding unblock: rsyslog/4.6.4-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
605578: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605578
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: freeze-exception

Please unblock package rsyslog

It fixes a rather nasty bug in the TLS netstream driver which could lead
to a DoS.

Changelog:

rsyslog (4.6.4-2) unstable; urgency=low

  * debian/patches/02-tls_loop_fix.patch
    - Fix bug in TLS handling which could cause rsyslog to loop in a tight
      loop and eating up all CPU and RAM resources. Closes: #549168
      Patch cherry-picked from upstream Git.

 -- Michael Biebl <biebl@debian.org>  Tue, 30 Nov 2010 14:50:15 +0100


debdiff attached.

Thanks,
Michael


unblock rsyslog/4.6.4-2

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff --git a/debian/changelog b/debian/changelog
index d1f0088..ad31baf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+rsyslog (4.6.4-2) unstable; urgency=low
+
+  * debian/patches/02-tls_loop_fix.patch
+    - Fix bug in TLS handling which could cause rsyslog to loop in a tight
+      loop and eating up all CPU and RAM resources. Closes: #549168
+      Patch cherry-picked from upstream Git.
+
+ -- Michael Biebl <biebl@debian.org>  Tue, 30 Nov 2010 14:50:15 +0100
+
 rsyslog (4.6.4-1) unstable; urgency=low
 
   * New upstream release.
diff --git a/debian/patches/02-tls_loop_fix.patch b/debian/patches/02-tls_loop_fix.patch
new file mode 100644
index 0000000..26992b4
--- /dev/null
+++ b/debian/patches/02-tls_loop_fix.patch
@@ -0,0 +1,59 @@
+commit 925504d565c6cf4a712dd8c8217891662aaf639e
+Author: Rainer Gerhards <rgerhards@adiscon.com>
+Date:   Wed Nov 24 11:14:21 2010 +0100
+
+    bugfix(important): problem in TLS handling could cause rsyslog to loop
+    
+    ... in a tight loop, effectively disabling functionality and bearing the
+    risk of unresponsiveness of the whole system.
+    Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194
+
+diff --git a/runtime/nsdsel_gtls.c b/runtime/nsdsel_gtls.c
+index c3a93be..1a389a0 100644
+--- a/runtime/nsdsel_gtls.c
++++ b/runtime/nsdsel_gtls.c
+@@ -76,6 +76,9 @@ Add(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp)
+ 	if(pNsdGTLS->iMode == 1) {
+ 		if(waitOp == NSDSEL_RD && gtlsHasRcvInBuffer(pNsdGTLS)) {
+ 			++pThis->iBufferRcvReady;
++			dbgprintf("nsdsel_gtls: data already present in buffer, initiating "
++				  "dummy select %p->iBufferRcvReady=%d\n",
++				  pThis, pThis->iBufferRcvReady);
+ 			FINALIZE;
+ 		}
+ 		if(pNsdGTLS->rtryCall != gtlsRtry_None) {
+@@ -109,6 +112,7 @@ Select(nsdsel_t *pNsdsel, int *piNumReady)
+ 	if(pThis->iBufferRcvReady > 0) {
+ 		/* we still have data ready! */
+ 		*piNumReady = pThis->iBufferRcvReady;
++		dbgprintf("nsdsel_gtls: doing dummy select, data present\n");
+ 	} else {
+ 		iRet = nsdsel_ptcp.Select(pThis->pTcp, piNumReady);
+ 	}
+@@ -190,6 +194,9 @@ IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp, int *pbIsReady)
+ 	if(pNsdGTLS->iMode == 1) {
+ 		if(waitOp == NSDSEL_RD && gtlsHasRcvInBuffer(pNsdGTLS)) {
+ 			*pbIsReady = 1;
++			--pThis->iBufferRcvReady; /* one "pseudo-read" less */
++			dbgprintf("nsdl_gtls: dummy read, decermenting %p->iBufRcvReady, now %d\n",
++				   pThis, pThis->iBufferRcvReady);
+ 			FINALIZE;
+ 		}
+ 		if(pNsdGTLS->rtryCall != gtlsRtry_None) {
+@@ -200,6 +207,16 @@ IsReady(nsdsel_t *pNsdsel, nsd_t *pNsd, nsdsel_waitOp_t waitOp, int *pbIsReady)
+ 			*pbIsReady = 0;
+ 			FINALIZE;
+ 		}
++		/* now we must ensure that we do not fall back to PTCP if we have
++		 * done a "dummy" select. In that case, we know when the predicate
++		 * is not matched here, we do not have data available for this
++		 * socket. -- rgerhards, 2010-11-20
++		 */
++		if(pThis->iBufferRcvReady) {
++			dbgprintf("nsd_gtls: dummy read, buffer not available for this FD\n");
++			*pbIsReady = 0;
++			FINALIZE;
++		}
+ 	}
+ 
+ 	CHKiRet(nsdsel_ptcp.IsReady(pThis->pTcp, pNsdGTLS->pTcp, waitOp, pbIsReady));
diff --git a/debian/patches/series b/debian/patches/series
index 2113a56..3bdc4f1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 # Debian patches for rsyslog
 01-dont_create_db.patch
+02-tls_loop_fix.patch

--- End Message ---
--- Begin Message --- 
Michael Biebl <biebl@debian.org> wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: freeze-exception
> 
> Please unblock package rsyslog
> 
> It fixes a rather nasty bug in the TLS netstream driver which could lead
> to a DoS.
> 

Unblocked.

Regards,

-- 
Mehdi Dogguy

--- End Message ---
Reply to: