0231aba5cd
This solves: systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686) along with some other less critical issues. See the security announcement link: https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006149.html for more details. Here we rebase the patches, and fix the atrocious crime of "name of patch file doesn't match what git format-patch generates". We also squash down the meta patches which add the patches to the spec file as part of good housekeeping. Change-Id: I01a3fa329bbad541a063cb604d1756892139967f Closes-Bug: 1849200 Depends-On: https://review.opendev.org/#/c/695560 Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
82 lines
2.9 KiB
Diff
82 lines
2.9 KiB
Diff
From 8b63ddb68a39d48ebb621d76a2b1f07f5ff67ac7 Mon Sep 17 00:00:00 2001
|
|
Message-Id: <8b63ddb68a39d48ebb621d76a2b1f07f5ff67ac7.1574264572.git.Jim.Somerville@windriver.com>
|
|
From: systemd team <systemd-maint@redhat.com>
|
|
Date: Tue, 8 Nov 2016 17:06:01 -0500
|
|
Subject: [PATCH 1/3] inject millisec in syslog date
|
|
|
|
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
|
|
---
|
|
src/journal/journald-syslog.c | 48 +++++++++++++++++++++++++++++++++++++------
|
|
1 file changed, 42 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c
|
|
index 1a9db59..36288cb 100644
|
|
--- a/src/journal/journald-syslog.c
|
|
+++ b/src/journal/journald-syslog.c
|
|
@@ -35,6 +35,44 @@
|
|
/* Warn once every 30s if we missed syslog message */
|
|
#define WARN_FORWARD_SYSLOG_MISSED_USEC (30 * USEC_PER_SEC)
|
|
|
|
+/* internal function that builds a formatted time str of the
|
|
+ * tv parameter into the passed buffer. (ie Nov 7 16:28:38.109)
|
|
+ * If tv is NULL, then the clock function is used to build the formatted time
|
|
+ * returns (same as snprintf) - number of characters written to buffer.
|
|
+ */
|
|
+static int formatSyslogDate(char * buffer, int bufLen, const struct timeval *tv) {
|
|
+ struct timeval tv_tmp;
|
|
+ long int millisec;
|
|
+ char tmpbuf[64];
|
|
+ struct tm *tm;
|
|
+ time_t t;
|
|
+
|
|
+ if (!tv) {
|
|
+ // no timeval input so get time data from clock
|
|
+ usec_t now_usec = now(CLOCK_REALTIME);
|
|
+ time_t now_sec = ((time_t) now_usec / USEC_PER_SEC);
|
|
+ long int now_fraction_secs = now_usec % USEC_PER_SEC;
|
|
+ tv_tmp.tv_sec = now_sec;
|
|
+ tv_tmp.tv_usec = now_fraction_secs;
|
|
+ tv = &tv_tmp;
|
|
+ }
|
|
+
|
|
+ t = tv->tv_sec;
|
|
+ tm = localtime(&t);
|
|
+ if (!tm)
|
|
+ return 0;
|
|
+
|
|
+ // format time to the second granularity - ie Nov 7 16:28:38
|
|
+ if (strftime(tmpbuf,sizeof(tmpbuf),"%h %e %T", tm) <= 0)
|
|
+ return 0;
|
|
+
|
|
+ millisec = tv->tv_usec / 1000;
|
|
+ // now append millisecond granularity (ie Nov 7 16:28:38.109) to
|
|
+ // the formatted string.
|
|
+ return snprintf(buffer, bufLen, "%s.%03lu", tmpbuf, millisec);
|
|
+}
|
|
+
|
|
+
|
|
static void forward_syslog_iovec(Server *s, const struct iovec *iovec, unsigned n_iovec, const struct ucred *ucred, const struct timeval *tv) {
|
|
|
|
static const union sockaddr_union sa = {
|
|
@@ -145,13 +183,11 @@ void server_forward_syslog(Server *s, int priority, const char *identifier, cons
|
|
xsprintf(header_priority, "<%i>", priority);
|
|
IOVEC_SET_STRING(iovec[n++], header_priority);
|
|
|
|
+
|
|
/* Second: timestamp */
|
|
- t = tv ? tv->tv_sec : ((time_t) (now(CLOCK_REALTIME) / USEC_PER_SEC));
|
|
- tm = localtime(&t);
|
|
- if (!tm)
|
|
- return;
|
|
- if (strftime(header_time, sizeof(header_time), "%h %e %T ", tm) <= 0)
|
|
- return;
|
|
+ if (formatSyslogDate(header_time, sizeof(header_time), tv) <=0 )
|
|
+ return;
|
|
+
|
|
IOVEC_SET_STRING(iovec[n++], header_time);
|
|
|
|
/* Third: identifier and PID */
|
|
--
|
|
1.8.3.1
|
|
|