Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-59893

rsyslogd crashes on startup when an invalid rainer script is specified

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • rhel-10.0
    • rhel-8.10, rhel-9.4
    • rsyslog
    • None
    • rsyslog-8.2412.0-1.el10
    • Yes
    • Low
    • 1
    • rhel-sst-security-special-projects
    • ssg_security
    • 21
    • 1
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Red Hat Enterprise Linux
    • SECENGSP Cycle 13
    • Release Note Not Required
    • All
    • None

      What were you trying to do that didn't work?

      When an invalid rainer script is specified, rsyslogd crashes instead of just reporting the syntax error:

      # cat /etc/rsyslog.d/crash.conf 
if ($fromhost-ip == '192.168.0.1') or if ($fromhost-ip == '192.168.0.2') then {
	stop
}

# rsyslogd -d -n
[...]
4617.291098543:main thread    : operatingstate.c: osf: MSG error during parsing file /etc/rsyslog.d/crash.conf, on or before line 1: Invalid function if: prop/AddRef is passed a NULL ptr - ignoring it - further problems may occur
rsyslogd: error during parsing file /etc/rsyslog.d/crash.conf, on or before line 1: Invalid function if [v8.2310.0-4.el9 try https://www.rsyslog.com/e/2207 ]
Segmentation fault (core dumped)

      Here above I used a if xxx or if yyy which is not a valid syntax.

      What is the impact of this issue to you?

      Low impact

      Please provide the package NVR for which the bug is seen:

      rsyslog-8.2310.0-4.el9.x86_64
      rsyslog-8.2102.0-15.el8.x86_64

      How reproducible is this bug?:

      Always, see above

            [RHEL-59893] rsyslogd crashes on startup when an invalid rainer script is specified

            Adam Prikryl added a comment -

            Build landed in the latest RHEL10 compose, issue is fixed

            Adam Prikryl added a comment - Build landed in the latest RHEL10 compose, issue is fixed

            Attila Lakatos added a comment - - edited

            Hello,

            It seems like the root cause lies in a nonexistent function call. Let me break it down:

            The syntax to have multiple expressions is the following:

            if EXPR1 or EXPR2  then { ... }

            But in this case we have:

            if EXPR1 or if EXPR2 then { ... }

            After analyzing the rsyslog grammar, the "if" keyword is treated as a function and that obviously does not exist. So the segfault can be reproduced when a function call is stated but function definition does not exist.

            I opened a PR upstream https://github.com/rsyslog/rsyslog/pull/5458

            Attila Lakatos added a comment - - edited Hello, It seems like the root cause lies in a nonexistent function call. Let me break it down: The syntax to have multiple expressions is the following: if EXPR1 or EXPR2  then { ... } But in this case we have: if EXPR1 or if EXPR2 then { ... } After analyzing the rsyslog grammar, the "if" keyword is treated as a function and that obviously does not exist. So the segfault can be reproduced when a function call is stated but function definition does not exist. I opened a PR upstream https://github.com/rsyslog/rsyslog/pull/5458

              rh-ee-alakatos Attila Lakatos
              rhn-support-rmetrich Renaud Métrich
              Attila Lakatos Attila Lakatos
              Adam Prikryl Adam Prikryl
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: