netbsd-bugs: lib/24246: parser bug in crypto/dist/heimdal/lib/krb5/log.c

Subject: lib/24246: parser bug in crypto/dist/heimdal/lib/krb5/log.c
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <jukka-netbsd@2004.salmi.ch>
List: netbsd-bugs
Date: 01/26/2004 12:58:33

>Number:         24246
>Category:       lib
>Synopsis:       parser bug in crypto/dist/heimdal/lib/krb5/log.c
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jan 26 12:59:01 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Jukka Salmi
>Release:        NetBSD 1.6.2_RC3
>Organization:
>Environment:
NetBSD bart.stasoft.ch 1.6.2_RC3 NetBSD 1.6.2_RC3 (BART) #0: Mon Dec 22 23:05:46 CET 2003     root@bart.stasoft.ch:/usr/src/sys/arch/i386/compile/BART i386
>Description:
There's a bug in krb5_addlog_dest() from crypto/dist/heimdal/lib/krb5/log.c: SYSLOG destinations are not parsed correctly.
>How-To-Repeat:
In the logging section in /etc/krb5.conf, specify a SYSLOG destination, e.g. 'kdc = SYSLOG:INFO:LOCAL0'. Such a destination is not parsed correctly which causes the default priority and facility (ERR:AUTH) to be always used.
>Fix:
It's fixed in more recent heimdal versions. The following is a diff of the log.c file from NetBSD stable and the latest (0.6) heimdal source which fixes the problem described above:

--- log.c.orig	Mon Jan 26 13:11:30 2004
+++ log.c	Mon Dec 29 21:38:50 2003
@@ -315,15 +315,18 @@
 	ret = open_file(context, f, min, max, fn, "a", file, keep_open);
     }else if(strncmp(p, "DEVICE=", 6) == 0){
 	ret = open_file(context, f, min, max, strdup(p + 7), "w", NULL, 0);
-    }else if(strncmp(p, "SYSLOG", 6) == 0){
-	char *severity;
-	char *facility;
-	severity = strchr(p, ':');
-	if(severity == NULL)
-	    severity = "ERR";
-	facility = strchr(severity, ':');
-	if(facility == NULL)
-	    facility = "AUTH";
+    }else if(strncmp(p, "SYSLOG", 6) == 0 && (p[6] == '\0' || p[6] == ':')){
+	char severity[128] = "";
+	char facility[128] = "";
+	p += 6;
+	if(*p != '\0')
+	    p++;
+	if(strsep_copy(&p, ":", severity, sizeof(severity)) != -1)
+	    strsep_copy(&p, ":", facility, sizeof(facility));
+	if(*severity == '\0')
+	    strlcpy(severity, "ERR", sizeof(severity));
+	if(*facility == '\0')
+	    strlcpy(facility, "AUTH", sizeof(facility));
 	ret = open_syslog(context, f, min, max, severity, facility);
     }else{
 	krb5_set_error_string (context, "unknown log type: %s", p);
>Release-Note:
>Audit-Trail:
>Unformatted: