Message and memory corruption in rsyslog
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
rsyslog (Debian) |
Fix Released
|
Unknown
|
|||
rsyslog (Ubuntu) |
Fix Released
|
High
|
Chris J Arges | ||
Precise |
Fix Released
|
High
|
Louis Bouchard | ||
Quantal |
Fix Released
|
High
|
Louis Bouchard | ||
Raring |
Fix Released
|
High
|
Chris J Arges |
Bug Description
When using the RFC5424 format, I've seen a number of corruptions in the messages (missing messages and unprintable characters). I've also had rsyslog crash out with "*** glibc detected *** rsyslogd: corrupted double-linked list: ... ***". The message corruptions match this upstream bug - http://
Based on the bug fixes to rsyslog between 5.8.6 and 5.10.0, it appears that there have been various race conditions and memory corruption issues that have since been fixed (5.8.6 is now nearly a year old).
In addition, rsyslog has some errors in the RFC5424 format that would also be fixed by an update to 5.10.0 (like the nil value for PID and the hostname in "last message repeated X times")
System information:
Ubuntu 12.04 LTS
rsyslog 5.8.6-1ubuntu8
--
Quantal/Precise SRU Justification
[Impact]
* If rsyslogd is configured using the RFC5424 format, messages can become corrupted and rsyslogd can potentially crash.
[Test Case]
* Enable RFC5424 format logging by adding the following to /etc/rsyslog.conf
$ActionFileD
* Eventually crashes/corruption can occur. The reporter in the upstream bug also had dynamic file templates that could also irritate this bug.
[Regression Potential]
* This patch is already present in upstream rsyslogd, and the patch cleanly backports to precise/quantal.
* This patch modifies the message locking to ensure proper locking using the alternative format. Thus, testing using the traditional (default) format and RFC5424 format are needed.
[Other Info]
* Upstream bug: http://
* Upstream patch: http://
Changed in rsyslog (Ubuntu Precise): | |
importance: | Undecided → High |
description: | updated |
Changed in rsyslog (Debian): | |
status: | Unknown → Fix Released |
Changed in rsyslog (Ubuntu Raring): | |
assignee: | nobody → Chris J Arges (christopherarges) |
Changed in rsyslog (Ubuntu Raring): | |
status: | In Progress → Fix Committed |
Triaged: since the reporter points to the upstream bug/fix
High: Corrupted log messages are going to confuse lots of people and make debugging other things harder
As a precaution I marked as security; memory corruptions in rsyslog can't be good