It looks like a race was introduced by not locking the message mutex
in msgDestruct(). In theory, I thought, the decrement should be atomic,
but the whole operation may be reordered. Also it has potential for task
switches. If so, that would lead to a too-early destruction and thus
a potential double free - exactly what we have seen from time to time.
So I think this fix addresses the issue.
I have also removed anything that looks like atomic operations are supported
in this version - they are not. This was added very late, found to be
non-portable and pulled from that release.
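
Added example, not rsyslog code and not part of the commit message above: a minimal C sketch of the pattern it describes, where the reference count is decremented and tested under the object's mutex so that exactly one thread runs the destructor. The names msg_t, msg_new, msg_release and run_concurrent_release are hypothetical.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct {
    pthread_mutex_t mut;  /* protects refs */
    int refs;             /* number of current owners */
    char *payload;
} msg_t;                  /* hypothetical type, not rsyslog's msg_t */

static int g_destroyed;   /* counts real destructions (demo only) */

msg_t *msg_new(int refs) {
    msg_t *m = malloc(sizeof *m);
    if (m == NULL) return NULL;
    pthread_mutex_init(&m->mut, NULL);
    m->refs = refs;
    m->payload = malloc(64);
    return m;
}

/* Drop one reference; returns 1 if this call destroyed the object. */
int msg_release(msg_t *m) {
    pthread_mutex_lock(&m->mut);
    int remaining = --m->refs;  /* decrement and read back under one lock */
    pthread_mutex_unlock(&m->mut);
    if (remaining > 0) return 0;
    /* Only the caller that observed 0 gets here, so the frees run once. */
    pthread_mutex_destroy(&m->mut);
    free(m->payload);
    free(m);
    g_destroyed++;
    return 1;
}

static void *worker(void *arg) { msg_release(arg); return NULL; }

/* Release n references concurrently; returns how often the object died. */
int run_concurrent_release(int n) {
    pthread_t tid[64];
    if (n < 1 || n > 64) return -1;
    msg_t *m = msg_new(n);
    if (m == NULL) return -1;
    g_destroyed = 0;
    int started = 0;
    while (started < n && pthread_create(&tid[started], NULL, worker, m) == 0)
        started++;
    for (int i = started; i < n; i++) msg_release(m); /* threads not started */
    for (int i = 0; i < started; i++) pthread_join(tid[i], NULL);
    return g_destroyed;
}

int main(void) { printf("%d\n", run_concurrent_release(8)); return 0; }
```
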
- security bugfix: $AllowedSender was not honored, all senders were
permitted instead (see http://www.rsyslog.com/Article322.phtml)
(backport from v3-stable, v3.20.9)
- minor bugfix: dual close() call on tcp session closure
...tried to send a message to it. This behaviour is operator-configurable.
If enabled, a message was emitted each time. That way an attacker could
effectively fill the disk via this facility. The message is now
emitted only once in a minute (this currently is a hard-coded limit,
if someone comes up with a good reason to make it configurable, we
will probably do that).
The legacy ACL system needs access to the remote sockaddr_storage
data structure. This has been implemented for the ptcp driver and
now follows for gtls. See recent commits for reason.
We also moved up the version numbers in preparation of the release.
This is intended for debugging and considered worth preserving.
However, it has not (yet) been added to the build diag tools
as it is not considered important enough.
RE's seem to be a big trouble spot and I would like to have more
information inside the debug log. So I decided to add some additional
debug strings permanently.
Thanks to Frederico Nunez for providing the fix. The actual patch
was committed before this one - unfortunately I forgot to set
the author correctly when committing it and then it was pushed to
the online repository. Sorry for this ;)
Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
- a big one in syslogd.c, which caused messages not to be
freed when compiled for single-threading mode
- a small one in the file output handler, outchannels, when
a size-reached action was to be executed