integ/base/systemd/centos/patches/801-inject-millisec-in-syslog-date.patch
Jim Somerville 0231aba5cd Uprev systemd to version 219-67.el7
This solves:
systemd: line splitting via fgets() allows for state injection
during daemon-reexec (CVE-2018-15686)

along with some other less critical issues.  See the security
announcement link:

https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006149.html

for more details.

Here we rebase the patches, and fix the atrocious crime of "name of patch file
doesn't match what git format-patch generates".  We also squash down the
meta patches which add the patches to the spec file as part of
good housekeeping.

Change-Id: I01a3fa329bbad541a063cb604d1756892139967f
Closes-Bug: 1849200
Depends-On: https://review.opendev.org/#/c/695560
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
2019-11-21 16:48:47 -05:00

82 lines
2.9 KiB
Diff

From 8b63ddb68a39d48ebb621d76a2b1f07f5ff67ac7 Mon Sep 17 00:00:00 2001
Message-Id: <8b63ddb68a39d48ebb621d76a2b1f07f5ff67ac7.1574264572.git.Jim.Somerville@windriver.com>
From: systemd team <systemd-maint@redhat.com>
Date: Tue, 8 Nov 2016 17:06:01 -0500
Subject: [PATCH 1/3] inject millisec in syslog date
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
---
src/journal/journald-syslog.c | 48 +++++++++++++++++++++++++++++++++++++------
1 file changed, 42 insertions(+), 6 deletions(-)
diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c
index 1a9db59..36288cb 100644
--- a/src/journal/journald-syslog.c
+++ b/src/journal/journald-syslog.c
@@ -35,6 +35,44 @@
/* Warn once every 30s if we missed syslog message */
#define WARN_FORWARD_SYSLOG_MISSED_USEC (30 * USEC_PER_SEC)
+/* internal function that builds a formatted time str of the
+ * tv parameter into the passed buffer. (ie Nov 7 16:28:38.109)
+ * If tv is NULL, then the clock function is used to build the formatted time
+ * returns (same as snprintf) - number of characters written to buffer.
+ */
+static int formatSyslogDate(char * buffer, int bufLen, const struct timeval *tv) {
+ struct timeval tv_tmp;
+ long int millisec;
+ char tmpbuf[64];
+ struct tm *tm;
+ time_t t;
+
+ if (!tv) {
+ // no timeval input so get time data from clock
+ usec_t now_usec = now(CLOCK_REALTIME);
+ time_t now_sec = ((time_t) now_usec / USEC_PER_SEC);
+ long int now_fraction_secs = now_usec % USEC_PER_SEC;
+ tv_tmp.tv_sec = now_sec;
+ tv_tmp.tv_usec = now_fraction_secs;
+ tv = &tv_tmp;
+ }
+
+ t = tv->tv_sec;
+ tm = localtime(&t);
+ if (!tm)
+ return 0;
+
+ // format time to the second granularity - ie Nov 7 16:28:38
+ if (strftime(tmpbuf,sizeof(tmpbuf),"%h %e %T", tm) <= 0)
+ return 0;
+
+ millisec = tv->tv_usec / 1000;
+ // now append millisecond granularity (ie Nov 7 16:28:38.109) to
+ // the formatted string.
+ return snprintf(buffer, bufLen, "%s.%03lu", tmpbuf, millisec);
+}
+
+
static void forward_syslog_iovec(Server *s, const struct iovec *iovec, unsigned n_iovec, const struct ucred *ucred, const struct timeval *tv) {
static const union sockaddr_union sa = {
@@ -145,13 +183,11 @@ void server_forward_syslog(Server *s, int priority, const char *identifier, cons
xsprintf(header_priority, "<%i>", priority);
IOVEC_SET_STRING(iovec[n++], header_priority);
+
/* Second: timestamp */
- t = tv ? tv->tv_sec : ((time_t) (now(CLOCK_REALTIME) / USEC_PER_SEC));
- tm = localtime(&t);
- if (!tm)
- return;
- if (strftime(header_time, sizeof(header_time), "%h %e %T ", tm) <= 0)
- return;
+ if (formatSyslogDate(header_time, sizeof(header_time), tv) <=0 )
+ return;
+
IOVEC_SET_STRING(iovec[n++], header_time);
/* Third: identifier and PID */
--
1.8.3.1