This removes what Coverity scan correctly identified as unnecessary.
However, it might have been there to prevent a clang static analyzer
false positive, so we check if this causes issues and merge only
if not. I keep this note in any case because it later might become
important info.
CID 185313
This permits an atomic check for error conditions and helps avoid
inconsistency between check and use of file name, which can also
pose security issues (not in the previous code, as the check was only
used for error-reporting).
Detected by Coverty scan, CID 185400
If files are encrypted via the libgcry crypto provider, file handles
with numerical values 0 obtained by the crypto provider are never
closed. This is extremely unlikely to happen, as file handle 0
is (almost) every time already persistently open when the code
in question is reached.
Detected by Coverty scan, CID 185411.
This happens if there is a problem with the timezone parameters.
Affects only startup, once started, no problem exists.
Detected by Coverty scan; CID 185414
Detected by Coverty scan, can only happen when we run out of
memory, in which case we have a very big problem anyhow.
Double free could happen in lower layer when a property was
freed due to realloc failure. Solution is to continue to use
old value, which also makes sense otherwise.
lookup table could loop if error in lookupDoStub() occurs
also fixes coverty scan CID 185315 (IDENTICAL_BRANCHES due to
CHKiRet() immediately followed by finalize_it)
When a JSON property is accessed in template processing, memory
may be misadressed or a double-free may occur while obtaining the
propety.
This was detected by a Coverty scan.
due to missing unlock. This could only occur if pstats was set to
CEE-format logging (very uncommon) AND if the system runs out of
memory (in which case other things go pretty bad as well).
found by Coverty scan
this in almost all cases indicates a real problem that the user
should be made aware of
For a case where the missing error message caused confusion
see also https://github.com/rsyslog/rsyslog/issues/1867
when rulesets are nested a segfault can occur when shutting down
rsyslog. the reason is that rule sets are destructed in load order,
which means a "later" ruleset may still be active when an "earlier"
one was already destructed. In these cases, a "call" can invalidly
call into the earlier ruleset, which is destructed and so leads to
invalid memory access. If a segfault actually happens depends on the
OS, but it is highly probable.
The cure is to split the queue shutdown sequence. In a first step,
all worker threads are terminated and the queue set to enqOnly.
While some are terminated, it is still possible that the others
enqueue messages into the queue (which are then just placed into the
queue, not processed). After this happens, a call can no longer
be issued (as there are no more workers). So then we can destruct
the rulesets in any order.
closes https://github.com/rsyslog/rsyslog/issues/1122
The variable system inside rsyslog is JSON based (for easy consumption
of JSON input, the prime source of structured data). In JSON, keys
("variable names") are case-sensitive. This causes constant problems
inside rsyslog configurations. A major nit is that case-insensitivity
option inside templates (even if turned on) does not work with JSON
keys because they of inner workings*1.
It is much more natural to treat keys in a case-INsensitive way (e.g.
"$!Key" and "$!key" are the same). We do not expect any real problems
out of this, as key names only differing in case is highly unlikely.
However, as it is possible we provide a way to enable case-sensitivity
via the global(variables.casesensitve="on") global config object.
Note that the default is to do case-insensitive matches. The reason
is that this is the right thing to do in almost all cases, and we do
not envision any problems at all in existing deployments.
*1 Note: case-insensitivity in rsyslog is achieved by converting all
names to lower case. So that the higher speed of strcmp() can be used.
The template option does actually that, convert the template keys to
lower case. Unfortunately, this does not work with JSON, as JSON keys
are NOT converted to lower case.
closes https://github.com/rsyslog/rsyslog/issues/1805
This permits to put a hard limit on the number of messages that can
go to stderr. If for nothing else, this capability is helpful for the
testbench. It permits to reduce spamming the test log while still
providing the ability to see initial error messages. Might also be
useful for some practical deployments.
closes https://github.com/rsyslog/rsyslog/issues/1841
The action engine does not emit "action suspended" messages but "resumed"
ones in retry processing. This is wrong, as they are a strong indication
that something does not work correctly. Nevertheless, "resumed" messages
were emitted, which was very puzzling for the user.
This patch fixes it so that "suspend" messages are given during retry
processing. These do not contain a retry timestamp, providing evidence
that a retry is currently being tried.
closes https://github.com/rsyslog/rsyslog/issues/1069
