Added boundary check for fscanf() in InitKsyms() and CheckMapVersion()
to prevent an unintended crash when reading an incorrect System.map.
Hello,
I have discovered a potential crash bug in sysklogd. The klogd daemon
doesn't handle really malformed System.map files very well. It has
two fscanf() calls with "%s" format strings that store to char
sym[512] arrays. This causes a crash if the string field in the
file is longer than that.
Despite being a buffer overflow, this is not a security problem, as
only root can change the System.map file. Nevertheless, I think it
is worth fixing, as the Right Thing for a program should be not to
assume anything about its input and to handle various problems well.
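
The boundary check described in the report above, as an added example that is not sysklogd's own code. It assumes System.map lines of the form `address type symbol`; the function names `read_map_entry` and `count_entries` and the sample map text are constructed for illustration. The field width in `%511s` bounds the write into `sym[512]`, and an over-long symbol is rejected instead of being silently split.

```c
#include <stdio.h>
#include <string.h>

#define SYM_MAX 512   /* size of the sym[] buffer named in the report */

/* Read one "address type symbol" entry (assumed System.map layout).
 * Returns 1 on success, 0 at end of file, -1 on a malformed or over-long line. */
int read_map_entry(FILE *fp, unsigned long *addr, char *type, char sym[SYM_MAX])
{
    /* "%511s" stores at most 511 bytes plus the NUL; a bare "%s" has no limit. */
    int rc = fscanf(fp, "%lx %c %511s", addr, type, sym);
    if (rc == EOF)
        return 0;
    if (rc != 3)
        return -1;
    /* If the symbol was cut at 511 bytes, the next byte is not whitespace. */
    int c = fgetc(fp);
    if (c != EOF && c != '\n' && c != '\r' && c != ' ' && c != '\t')
        return -1;
    if (c != EOF)
        ungetc(c, fp);
    return 1;
}

/* Parse constructed map text: entry count, -1 if rejected, -2 on I/O error. */
int count_entries(const char *text)
{
    unsigned long addr;
    char type, sym[SYM_MAX];
    int n = 0, rc;
    FILE *fp = tmpfile();
    if (fp == NULL)
        return -2;
    fputs(text, fp);
    rewind(fp);
    while ((rc = read_map_entry(fp, &addr, &type, sym)) == 1)
        n++;
    fclose(fp);
    return rc == 0 ? n : -1;
}

int main(void)
{
    char bad[700] = "c0100000 T ";          /* constructed over-long symbol */
    memset(bad + strlen(bad), 'A', 600);
    printf("good map: %d\n", count_entries("c0100000 T _stext\nc0100100 t do_fork\n"));
    printf("bad map:  %d\n", count_entries(bad));
    return 0;
}
```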
. Keith Owens <kaos@ocs.com.au>
- Fixed bug that caused klogd to die if there is no sym_array available.
- When symbols are expanded, print the line twice. Once with
addresses converted to symbols, once with the raw text. Allows
external programs such as ksymoops to do their own processing on the
original data.
Modified CheckVersion()
. Use shift to decode the kernel version
. Compare integers of kernel version
. extract major.minor.patch from utsname.release via sscanf()
The reason lies in possible use of kernel flavours which
modify utsname.release but not the Version_ symbol.
<F.Potorti@cnuce.cnr.it> (closes: Bug#20903)
* Corrected email address for Shane Alderton (closes: Bug#20765)
* Fixed manpage to not reflect reverse implemented SIGALRM signal
handler (closes: Bug#20647)
* Modified behaviour with including <sys/module.h> (closes: Bug#20556)
* Added correct prototype for llseek() (closes: Bug#20507, Bug#20220)
* Added more log information if problems occur while reading a system
map file.
* Modified System.map read function to try all possible map files until
a file with matching version is found.
* Added Debian release to klogd
* Switched to fgets() as gets() is not buffer overrun secure.
* Modified loop for detecting the correct system map.
special messages from 2.1.78. Thanks to Chu-yeon Park
<kokids@doit.ajou.ac.kr> for informing me.
* Fixed bug that caused klogd to die if there is no System.map
available.
* Added -x switch to omit EIP translation and System.map evaluation.
Thanks to Florian La Roche <florian@knorke.saar.de>.
* Fixed small bugs in F_FORW_UNKN mechanism. Thanks to Torsten Neumann
<torsten@londo.rhein-main.de> for pointing me to it.
* Fixed problem with klogd not being able to be built on a kernel newer
than 2.1.18. Worked in a patch from Alessandro Suardi <asuardi@uninetcom.it>
into trouble upgrading a RedHat system.
* Fixed little mistake which prevented klogd from accepting a console
log level of 8 to get <7> alias KERN_DEBUG displayed.
* Linked against libc6 (Bug#11731)
* Added SHELL=/bin/bash to rules as Herbert Xu suggested
* Corrected syslog.conf(5) manpage
* syslogd resets the ignore priority flag now. Thanks to Herbert
Thielen. (Bug#12009)
* Fixed bug that caused syslogd to write into wrong files under some
race conditions. Thanks to Herbert Xu. (Bug#13506)
* /var/log/auth.log will only be touched if needed (Bug#14329)
* debian/conffiles is treated like a document (Bug#14521)
* Added script for generic logfile detection and rotation and included
that in cron scripts, included also its manpage (Bug#14610)
* Modified restart messages in /etc/init.d/sysklogd (Bug#15840)
* klogd will first try to load /boot/System.map-$ver, then
/boot/System.map, then /System.map-$ver and after that /System.map
* Modified ExpandKadds() because there were some problems accessing
memory r/w. (Bug#15336)