Bug 1462160 - rsyslogd segfaults on invalid set statement
rsyslogd segfaults on invalid set statement
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: rsyslog (Show other bugs)
Unspecified Unspecified
high Severity medium
: rc
: ---
Assigned To: Radovan Sroka
Stefan Dordevic
: Regression, Triaged
: 1509987 1553599 (view as bug list)
Depends On:
Blocks: 1408473
  Show dependency treegraph
Reported: 2017-06-16 06:45 EDT by Karel Srot
Modified: 2018-04-10 11:27 EDT (History)
8 users (show)

See Also:
Fixed In Version: rsyslog-8.24.0-13.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2018-04-10 11:26:37 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
proposed patch (5.52 KB, patch)
2017-07-25 07:22 EDT, Marek Tamaskovic
no flags Details | Diff
proposed patch v2 (5.57 KB, patch)
2017-07-26 07:26 EDT, Marek Tamaskovic
no flags Details | Diff
final patch (5.30 KB, patch)
2017-08-28 08:59 EDT, Radovan Sroka
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0856 None None None 2018-04-10 11:27 EDT

  None (edit)
Description Karel Srot 2017-06-16 06:45:30 EDT
Description of problem:

rsyslogd segfault when set statement is not valid.

# cat /etc/rsyslog.d/test.conf
set $testvar;
# rsyslogd -n -d
Segmentation fault
# rpm -q rsyslog

Same result also for statement
set $testvar=;

gdb says:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff3cd0700 (LWP 11806)]
0x00007ffff639f4b7 in readjournal () at imjournal.c:326
326		if (sys_iden == NULL && !cs.dfltTag[0]) {

This is a regression against the upstream version.
I have confirmed that the issue is caused by our downstream patch 
Comment 2 Marek Tamaskovic 2017-07-25 07:22 EDT
Created attachment 1304172 [details]
proposed patch

Some guy was dereferencing pointer which was NULL in that specific case.
I fixed that condition but some addition tests are required because I am not sure if it doesn't change functionality in other use cases.
Comment 3 Radovan Sroka 2017-07-26 04:47:04 EDT
I think that previous version check only if default tag was empty string and doesn't check what this pointer was valid. Now the condition checks whether pointer is valid but not occurrence of the empty string. 

I think that condition should cover both cases.
Comment 4 Marek Tamaskovic 2017-07-26 07:26 EDT
Created attachment 1304713 [details]
proposed patch v2

Added string check as well.
Comment 6 Radovan Sroka 2017-08-28 08:59 EDT
Created attachment 1319072 [details]
final patch
Comment 11 Jiří Vymazal 2017-11-10 04:11:30 EST
*** Bug 1509987 has been marked as a duplicate of this bug. ***
Comment 15 Jiří Vymazal 2018-03-20 05:47:54 EDT
*** Bug 1553599 has been marked as a duplicate of this bug. ***
Comment 17 errata-xmlrpc 2018-04-10 11:26:37 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.