Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-106140

rsyslog crash when mmnormalize plugin is given invalid configuration

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Minor Minor
    • None
    • rhel-9.6
    • liblognorm
    • None
    • No
    • None
    • rhel-security-special-projects
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • None

      What were you trying to do that didn't work?

      rsyslogd crashes when the `mmnormalize` plugin is initialized with invalid configuration:

      $ cat /var/tmp/rsyslog-crash.conf 
module(load="mmnormalize")
action(type="mmnormalize" rule=[":%x:cef"])

$ rsyslogd -N 1 -f /var/tmp/rsyslog-crash.conf
rsyslogd: version 8.2412.0-1.el9, config validation run (level 1), master config /var/tmp/rsyslog-crash.conf
Segmentation fault (core dumped)

      What is the impact of this issue to you?

      Minor: the plugin shouldn't crash when given incomplete configuration, but the invalid configuration can only be provided by the admin

      Please provide the package NVR for which the bug is seen:

      rsyslog-mmnormalize-8.2412.0-1.el9.x86_64

      Ho reproducible is this bug?

      Always

      Steps to reproduce

      1.  Create config file as above
      2.  Run rsyslogd as above

      Expected results

      rsyslogd should print an error message regarding the invalid liblognorm configuration rule, then exit with non-zero status

      Actual results

      rsyslogd segfaults:

      Process 279860 (rsyslogd) of user 1001 dumped core.

Stack trace of thread 279860:
#0  0x00007f8b2c87679b fgetpos64@@GLIBC_2.2.5 (libc.so.6 + 0x7679b)
#1  0x00007f8b2c6de927 ln_sampChkRunawayRule (liblognorm.so.5 + 0xe927)
#2  0x00007f8b2c6e38b6 ln_sampRead (liblognorm.so.5 + 0x138b6)
#3  0x00007f8b2c6e4110 ln_sampLoadFromString (liblognorm.so.5 + 0x14110)
#4  0x00007f8b2c6e419f ln_loadSamplesFromString (liblognorm.so.5 + 0x1419f)
#5  0x00007f8b2cda87d9 buildInstance (mmnormalize.so + 0x17d9)
#6  0x00007f8b2cda9418 newActInst (mmnormalize.so + 0x2418)
#7  0x0000562742f1b03e actionNewInst (rsyslogd + 0x7703e)
#8  0x0000562742ede442 cnfstmtNewAct (rsyslogd + 0x3a442)
#9  0x0000562742ed2161 yyparse (rsyslogd + 0x2e161)
#10 0x0000562742ee84d5 load (rsyslogd + 0x444d5)
#11 0x0000562742ec338b initAll (rsyslogd + 0x1f38b)
#12 0x0000562742ebc2e0 main (rsyslogd + 0x182e0)
#13 0x00007f8b2c8295d0 __libc_start_call_main (libc.so.6 + 0x295d0)
#14 0x00007f8b2c829680 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x29680)
#15 0x0000562742ebc6b5 _start (rsyslogd + 0x186b5)
ELF object binary architecture: AMD x86-64

              rh-ee-alakatos Attila Lakatos
              staticyrro7 Sam Morris
              Attila Lakatos Attila Lakatos
              SSG Security QE SSG Security QE
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: