Blame SOURCES/rsyslog-8.24.0-rhbz1427828-set-unset-not-checking-varName.patch

a856a8
From e2767839bc23f1a2f70543efabfe0ca1be166ee9 Mon Sep 17 00:00:00 2001
a856a8
From: Rainer Gerhards <rgerhards@adiscon.com>
a856a8
Date: Tue, 24 Jan 2017 13:24:29 +0100
a856a8
Subject: [PATCH] rainescript: set/unset statement do not check variable name
a856a8
 validity
a856a8
a856a8
Only JSON-based variables can be use with set and unset. Unfortunately,
a856a8
this restriction is not checked. If an invalid variable is given
a856a8
(e.g. $invalid), this is not detected upon config processing on
a856a8
startup. During execution phase, this can lead to a segfault, a
a856a8
memory leak or other types of problems.
a856a8
a856a8
see also https://github.com/rsyslog/rsyslog/issues/1376
a856a8
closes https://github.com/rsyslog/rsyslog/issues/1377
a856a8
---
a856a8
 grammar/rainerscript.c | 43 +++++++++++++++++++++++++++++++++++++++----
a856a8
 1 file changed, 39 insertions(+), 4 deletions(-)
a856a8
a856a8
diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c
a856a8
index 0ebd6f1..2106ef9 100644
a856a8
--- a/grammar/rainerscript.c
a856a8
+++ b/grammar/rainerscript.c
a856a8
@@ -3062,6 +3062,19 @@ cnfstmtNew(unsigned s_type)
a856a8
 	return cnfstmt;
a856a8
 }
a856a8
 
a856a8
+/* This function disables a cnfstmt by setting it to NOP. This is
a856a8
+ * useful when we detect errors late in the parsing processing, where
a856a8
+ * we need to return a valid cnfstmt. The optimizer later removes the
a856a8
+ * NOPs, so all is well.
a856a8
+ * NOTE: this call assumes that no dynamic data structures have been
a856a8
+ * allocated. If so, these MUST be freed before calling cnfstmtDisable().
a856a8
+ */
a856a8
+static void
a856a8
+cnfstmtDisable(struct cnfstmt *cnfstmt)
a856a8
+{
a856a8
+	cnfstmt->nodetype = S_NOP;
a856a8
+}
a856a8
+
a856a8
 void cnfstmtDestructLst(struct cnfstmt *root);
a856a8
 
a856a8
 static void cnfIteratorDestruct(struct cnfitr *itr);
a856a8
@@ -3166,11 +3179,22 @@ cnfIteratorDestruct(struct cnfitr *itr)
a856a8
 struct cnfstmt *
a856a8
 cnfstmtNewSet(char *var, struct cnfexpr *expr, int force_reset)
a856a8
 {
a856a8
+	propid_t propid;
a856a8
 	struct cnfstmt* cnfstmt;
a856a8
 	if((cnfstmt = cnfstmtNew(S_SET)) != NULL) {
a856a8
-		cnfstmt->d.s_set.varname = (uchar*) var;
a856a8
-		cnfstmt->d.s_set.expr = expr;
a856a8
-		cnfstmt->d.s_set.force_reset = force_reset;
a856a8
+		if(propNameToID((uchar *)var, &propid) == RS_RET_OK
a856a8
+		   && (   propid == PROP_CEE
a856a8
+		       || propid == PROP_LOCAL_VAR
a856a8
+		       || propid == PROP_GLOBAL_VAR)
a856a8
+		   ) {
a856a8
+			cnfstmt->d.s_set.varname = (uchar*) var;
a856a8
+			cnfstmt->d.s_set.expr = expr;
a856a8
+			cnfstmt->d.s_set.force_reset = force_reset;
a856a8
+		} else {
a856a8
+			parser_errmsg("invalid variable '%s' in set statement.", var);
a856a8
+			free(var);
a856a8
+			cnfstmtDisable(cnfstmt);
a856a8
+		}
a856a8
 	}
a856a8
 	return cnfstmt;
a856a8
 }
a856a8
@@ -3254,9 +3278,20 @@ cnfstmtNewReloadLookupTable(struct cnffparamlst *fparams)
a856a8
 struct cnfstmt *
a856a8
 cnfstmtNewUnset(char *var)
a856a8
 {
a856a8
+	propid_t propid;
a856a8
 	struct cnfstmt* cnfstmt;
a856a8
 	if((cnfstmt = cnfstmtNew(S_UNSET)) != NULL) {
a856a8
-		cnfstmt->d.s_unset.varname = (uchar*) var;
a856a8
+		if(propNameToID((uchar *)var, &propid) == RS_RET_OK
a856a8
+		   && (   propid == PROP_CEE
a856a8
+		       || propid == PROP_LOCAL_VAR
a856a8
+		       || propid == PROP_GLOBAL_VAR)
a856a8
+		   ) {
a856a8
+			cnfstmt->d.s_unset.varname = (uchar*) var;
a856a8
+		} else {
a856a8
+			parser_errmsg("invalid variable '%s' in unset statement.", var);
a856a8
+			free(var);
a856a8
+			cnfstmtDisable(cnfstmt);
a856a8
+		}
a856a8
 	}
a856a8
 	return cnfstmt;
a856a8
 }