liblognorm crashes when using newline within json rule with string rule

[kortemik]

/opt/Fail-Safe/rsyslog/liblognorm/bin/lognormalizer -R "$(echo -e 'rule=:%[{"type":"char-to", "name":"user", "extradata":"@"},{"type":"literal","text":"@"}\n,{"type":"rest","name":"domain"}]%')"

Segmentation fault (core dumped)

Please find gdb tracing as follows:

gdb /opt/Fail-Safe/rsyslog/liblognorm/bin/lognormalizer
(gdb) run -R "$(echo -e 'rule=:%[{"type":"char-to", "name":"user", "extradata":"@"},{"type":"literal","text":"@"}\n,{"type":"rest","name":"domain"}]%')"

(gdb) where
#0  0x00007ffff78355c0 in fgetpos@@GLIBC_2.2.5 () from /lib64/libc.so.6
#1  0x00007ffff7db26c3 in ln_sampChkRunawayRule (ctx=ctx@entry=0x605260, repo=repo@entry=0x0, inpbuf=inpbuf@entry=0x7fffffffe0e8) at samp.c:950
#2  0x00007ffff7db297e in ln_sampRead (ctx=ctx@entry=0x605260, repo=repo@entry=0x0, inpbuf=inpbuf@entry=0x7fffffffe0e8, isEof=isEof@entry=0x7fffffffe0fc) at samp.c:1024
#3  0x00007ffff7db35d0 in ln_sampLoadFromString (ctx=ctx@entry=0x605260, string=<optimized out>, 
    string@entry=0x7fffffffe575 "rule=:%[{\"type\":\"char-to\", \"name\":\"user\", \"extradata\":\"@\"},{\"type\":\"literal\",\"text\":\"@\"}\n,{\"type\":\"rest\",\"name\":\"domain\"}]%") at samp.c:1184
#4  0x00007ffff7dae940 in ln_loadSamplesFromString (ctx=0x605260, 
    string=0x7fffffffe575 "rule=:%[{\"type\":\"char-to\", \"name\":\"user\", \"extradata\":\"@\"},{\"type\":\"literal\",\"text\":\"@\"}\n,{\"type\":\"rest\",\"name\":\"domain\"}]%") at liblognorm.c:184
#5  0x0000000000401e0f in main ()

(gdb) bt full
#0  0x00007ffff78355c0 in fgetpos@@GLIBC_2.2.5 () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007ffff7db26c3 in ln_sampChkRunawayRule (ctx=ctx@entry=0x605260, repo=repo@entry=0x0, inpbuf=inpbuf@entry=0x7fffffffe0e8) at samp.c:950
        r = 1
        fpos = {__pos = 0, __state = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"}}}
        buf = "\000\000\000\000\000"
        cont = 1
        read = <optimized out>
#2  0x00007ffff7db297e in ln_sampRead (ctx=ctx@entry=0x605260, repo=repo@entry=0x0, inpbuf=inpbuf@entry=0x7fffffffe0e8, isEof=isEof@entry=0x7fffffffe0fc) at samp.c:1024
        c = <optimized out>
        r = 0
        buf = "rule=:%[{\"type\":\"char-to\", \"name\":\"user\", \"extradata\":\"@\"},{\"type\":\"literal\",\"text\":\"@\"}", '\000' <repeats 61232 times>...
        i = <optimized out>
        inParser = <optimized out>
#3  0x00007ffff7db35d0 in ln_sampLoadFromString (ctx=ctx@entry=0x605260, string=<optimized out>, 
    string@entry=0x7fffffffe575 "rule=:%[{\"type\":\"char-to\", \"name\":\"user\", \"extradata\":\"@\"},{\"type\":\"literal\",\"text\":\"@\"}\n,{\"type\":\"rest\",\"name\":\"domain\"}]%") at samp.c:1184
        r = <optimized out>
        isEof = 0
#4  0x00007ffff7dae940 in ln_loadSamplesFromString (ctx=0x605260, 
    string=0x7fffffffe575 "rule=:%[{\"type\":\"char-to\", \"name\":\"user\", \"extradata\":\"@\"},{\"type\":\"literal\",\"text\":\"@\"}\n,{\"type\":\"rest\",\"name\":\"domain\"}]%") at liblognorm.c:184
        r = 0
        tofree = 0x605360 "--NO-FILE--"
#5  0x0000000000401e0f in main ()
No symbol table info available.

[davidelang]

does it work without the newline? what is the reason you are using the newline in the json?

David Lang

On Mon, 2 Mar 2020, Mikko Kortelainen wrote:

Date: Mon, 02 Mar 2020 00:00:57 -0800 From: Mikko Kortelainen notifications@github.com Reply-To: rsyslog/liblognorm reply@reply.github.com To: rsyslog/liblognorm liblognorm@noreply.github.com Cc: Subscribed subscribed@noreply.github.com Subject: [rsyslog/liblognorm] liblognorm crashes when using newline within json rule with string rule (#333)

/opt/Fail-Safe/rsyslog/liblognorm/bin/lognormalizer -R "$(echo -e 'rule=:%[{"type":"char-to", "name":"user", "extradata":"@"},{"type":"literal","text":"@"}\n,{"type":"rest","name":"domain"}]%')"

Segmentation fault (core dumped)

Please find gdb tracing as follows:

gdb /opt/Fail-Safe/rsyslog/liblognorm/bin/lognormalizer
(gdb) run -R "$(echo -e 'rule=:%[{"type":"char-to", "name":"user", "extradata":"@"},{"type":"literal","text":"@"}\n,{"type":"rest","name":"domain"}]%')"

(gdb) where
#0  0x00007ffff78355c0 in fgetpos@@GLIBC_2.2.5 () from /lib64/libc.so.6
#1  0x00007ffff7db26c3 in ln_sampChkRunawayRule (ctx=ctx@entry=0x605260, repo=repo@entry=0x0, inpbuf=inpbuf@entry=0x7fffffffe0e8) at samp.c:950
#2  0x00007ffff7db297e in ln_sampRead (ctx=ctx@entry=0x605260, repo=repo@entry=0x0, inpbuf=inpbuf@entry=0x7fffffffe0e8, isEof=isEof@entry=0x7fffffffe0fc) at samp.c:1024
#3  0x00007ffff7db35d0 in ln_sampLoadFromString (ctx=ctx@entry=0x605260, string=<optimized out>,
   string@entry=0x7fffffffe575 "rule=:%[{\"type\":\"char-to\", \"name\":\"user\", \"extradata\":\"@\"},{\"type\":\"literal\",\"text\":\"@\"}\n,{\"type\":\"rest\",\"name\":\"domain\"}]%") at samp.c:1184
#4  0x00007ffff7dae940 in ln_loadSamplesFromString (ctx=0x605260,
   string=0x7fffffffe575 "rule=:%[{\"type\":\"char-to\", \"name\":\"user\", \"extradata\":\"@\"},{\"type\":\"literal\",\"text\":\"@\"}\n,{\"type\":\"rest\",\"name\":\"domain\"}]%") at liblognorm.c:184
#5  0x0000000000401e0f in main ()

(gdb) bt full
#0  0x00007ffff78355c0 in fgetpos@@GLIBC_2.2.5 () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007ffff7db26c3 in ln_sampChkRunawayRule (ctx=ctx@entry=0x605260, repo=repo@entry=0x0, inpbuf=inpbuf@entry=0x7fffffffe0e8) at samp.c:950
       r = 1
       fpos = {__pos = 0, __state = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"}}}
       buf = "\000\000\000\000\000"
       cont = 1
       read = <optimized out>
#2  0x00007ffff7db297e in ln_sampRead (ctx=ctx@entry=0x605260, repo=repo@entry=0x0, inpbuf=inpbuf@entry=0x7fffffffe0e8, isEof=isEof@entry=0x7fffffffe0fc) at samp.c:1024
       c = <optimized out>
       r = 0
       buf = "rule=:%[{\"type\":\"char-to\", \"name\":\"user\", \"extradata\":\"@\"},{\"type\":\"literal\",\"text\":\"@\"}", '\000' <repeats 61232 times>...
       i = <optimized out>
       inParser = <optimized out>
#3  0x00007ffff7db35d0 in ln_sampLoadFromString (ctx=ctx@entry=0x605260, string=<optimized out>,
   string@entry=0x7fffffffe575 "rule=:%[{\"type\":\"char-to\", \"name\":\"user\", \"extradata\":\"@\"},{\"type\":\"literal\",\"text\":\"@\"}\n,{\"type\":\"rest\",\"name\":\"domain\"}]%") at samp.c:1184
       r = <optimized out>
       isEof = 0
#4  0x00007ffff7dae940 in ln_loadSamplesFromString (ctx=0x605260,
   string=0x7fffffffe575 "rule=:%[{\"type\":\"char-to\", \"name\":\"user\", \"extradata\":\"@\"},{\"type\":\"literal\",\"text\":\"@\"}\n,{\"type\":\"rest\",\"name\":\"domain\"}]%") at liblognorm.c:184
       r = 0
       tofree = 0x605360 "--NO-FILE--"
#5  0x0000000000401e0f in main ()
No symbol table info available.

[kortemik]

yes it does work without newline, reason to use newline is readability of the rules. from the documentation

Whitespace, including LF, is permitted inside a field definition after the opening precent sign and before the closing one.

[rgerhards]

This is caused by using a string instead of a rulebase file. We never expected that someone embeds LF here. I will see if we can fix this without complicating the code too much. Otherwise, I'll update the doc to state that this is not supported when providing rules via strings.

[kortemik]

@rgerhards would it be possible to provide a function that can pass file contents as a string in addition to filename or rulestring? I mean if we use types with string input, for example, we need to use newlines anyways with the string. They do work but not while within the %% as in:

/opt/Fail-Safe/rsyslog/liblognorm/bin/lognormalizer -R "$(echo -e 'rule=:%[{"type":"char-to", "name":"user", "extradata":"@"},{"type":"literal","text":"@"},{"type":"rest","name":"domain"}]%\ntype=@IPaddr:%ip:ipv4%')"
1
{ "originalmsg": "1", "unparsed-data": "1" }

[rgerhards]

@kortemik I think I found a simple way to make this work.

As a word of caution, string rules are meant to be used for very simple additions. You should reconsider how you do things when you put complex rules in via string rules.