[2073] in Athena Bugs
Re: 6.1C syslogd
daemon@ATHENA.MIT.EDU (John T Kohl)
Thu Apr 13 10:16:07 1989
Date: Thu, 13 Apr 89 10:15:43 EDT
From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
To: bugs@ATHENA.MIT.EDU, zephyr-bugs@ATHENA.MIT.EDU
I found the problem. The facility used to look up the facility name
wasn't having high bits masked, so it was possible for clients sending
things like LOG_DAEMON|LOG_WARNING to cause an outbound zephyr syslog
message reference through some large array index and retrieving random
garbage, causing a seg fault.
Patch is appended; updated source and executable in
/mit/zephyr/{src,vax}/clients/syslogd/
John
*** /tmp/,RCSt1021570 Thu Apr 13 10:15:09 1989
--- syslogd.c Thu Apr 13 10:11:19 1989
***************
*** 791,797 ****
iov[4].iov_base);
(void) sprintf(pri_fac_str, "%s.%s",
FacNames[fac].c_name,
! PriNames[prilev].c_name);
znotice.z_message = line;
/* include the null just in case */
znotice.z_message_len = strlen (line) + 1;
--- 791,797 ----
iov[4].iov_base);
(void) sprintf(pri_fac_str, "%s.%s",
FacNames[fac].c_name,
! PriNames[(prilev & LOG_PRIMASK)].c_name);
znotice.z_message = line;
/* include the null just in case */
znotice.z_message_len = strlen (line) + 1;
