syslog-ng / syslog-ng

syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, queueing, SQL & NoSQL.
https://www.syslog-ng.com

Fuzzing discovery #5001

Open nivelus opened 1 week ago

nivelus commented 1 week ago

syslog-ng

Version of syslog-ng

syslog-ng 4 (4.7.1.324.g4bd09cf)

Platform

NAME="Debian GNU/Linux" VERSION_ID="12"

Issue

Failure

#0  0x00000000000001e1 in ?? ()
#1  0x0000154dc2231223 in _free (self=0x5584a4972e40) at lib/logpipe.c:118
#2  0x0000154dc22312ef in log_pipe_unref (self=0x5584a4972e40) at lib/logpipe.c:133
#3  0x0000154dc22215f9 in cfg_parser_cleanup (self=0x154dc1c3b240 <rate_limit_filter_parser>,
    instance=0x5584a4972e40) at lib/cfg-parser.c:319
#4  0x0000154dc22487c4 in plugin_construct_from_config (
    self=0x154dc1c3b280 <rate_limit_filter_plugins>, lexer=0x5584a4973ae0, arg=0x0)
    at lib/plugin.c:114
#5  0x0000154dc221b32e in cfg_parse_plugin (cfg=0x5584a494b2f0,
    plugin=0x154dc1c3b280 <rate_limit_filter_plugins>, yylloc=0x7fffd3d68df8, arg=0x0)
    at lib/cfg.c:249
#6  0x0000154dc227d92d in filter_expr_parse (lexer=0x5584a4973ae0, result=0x7fffd3d6b0f8, arg=0x0)
    at lib/filter/filter-expr-grammar.y:617
#7  0x0000154dc2221541 in cfg_parser_parse (self=0x154dc2346220 <filter_expr_parser>,
    lexer=0x5584a4973ae0, instance=0x7fffd3d6b0f8, arg=0x0) at lib/cfg-parser.c:300
#8  0x0000154dc225d9bf in main_parse (lexer=0x5584a4973ae0, dummy=0x7fffd3d6d518, arg=0x0)
    at lib/cfg-grammar.y:658
#9  0x0000154dc2221541 in cfg_parser_parse (self=0x154dc2344bc0 <main_parser>, lexer=0x5584a4973ae0,
    instance=0x7fffd3d6d518, arg=0x0) at lib/cfg-parser.c:300
#10 0x0000154dc221bfdb in cfg_run_parser (self=0x5584a494b2f0, lexer=0x5584a4973ae0,
    parser=0x154dc2344bc0 <main_parser>, result=0x7fffd3d6d518, arg=0x0) at lib/cfg.c:562
#11 0x0000154dc221c46d in cfg_read_config (self=0x5584a494b2f0,
    fname=0x5584a49319c0 "/home/levin/syslog-ng/destdir/cfg/id000000", preprocess_into=0x0)
    at lib/cfg.c:684
#12 0x0000154dc223f365 in main_loop_read_and_init_config (self=0x154dc2348d60 <main_loop>)
    at lib/mainloop.c:692
#13 0x00005584a44baa15 in main (argc=1, argv=0x7fffd3d6d6d8) at syslog-ng/main.c:320

Steps to reproduce

Run syslog-ng with provided configuration

Configuration

filter x{throttle@version:3.3#

source s^log{
  system(�nternal(g-ng logs
}�oup(f''''tags'or("/"));

�og
 t(;
  g(f''''''g_@version:3.3#

sourh  loames (off);

log

smart-multi-line: error opening smart-multi-line.fsm file; filename='/usr/local/share/syslog-ng/smart-multi-line.fsm', error='No such file or directory (2)'
smart-multi-line: your smart-multi-line.fsm seems to be empty or non-existent, automatic multi-line log extraction will probably not work; filename='/usr/local/share/syslog-ng/smart-multi-line.fsm'
WARNING: the throttle() filter has been renamed to rate-limit() in syslog-ng 3.36, please update your configuration to use the name rate-limit() instead of throttle(); location='#buffer:0:0'
Error parsing rate-limit-filter, syntax error, unexpected invalid token, expecting '(' in /home/tester/syslog-ng/destdir/cfg/id000000:1:18-1:19:
1-----> filter x{throttle@version:3.3#
1----->                  ^
2
3       source s^log{
4         system(�nternal(g-ng logs
5       }�oup(f''''tags'or("/"));
6

Segmentation fault (core dumped)

therandomstring commented 1 week ago

Thank you for the report.

Since config files are unlikely to be accessed by a malicious actor or corrupted in such a way as to reproduce the crash in this issue, we deemed this to be a low-priority problem; however, we will still look into the matter.
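
A way to read the backtrace in the report above, as an added example that is not part of the issue thread or of syslog-ng: frame #0 has no symbol and a program counter of 0x1e1, which is consistent with an indirect call through an invalid function pointer, so the first frame with source information is the place to start looking. The function names, the `LOW_PC_LIMIT` threshold and the embedded sample (the top four frames copied from the report) are this example's own assumptions.

```python
import re

# Constructed sample: frames #0-#3 copied from the backtrace in the report.
SAMPLE_BT = """\
#0  0x00000000000001e1 in ?? ()
#1  0x0000154dc2231223 in _free (self=0x5584a4972e40) at lib/logpipe.c:118
#2  0x0000154dc22312ef in log_pipe_unref (self=0x5584a4972e40) at lib/logpipe.c:133
#3  0x0000154dc22215f9 in cfg_parser_cleanup (self=0x154dc1c3b240 <rate_limit_filter_parser>,
    instance=0x5584a4972e40) at lib/cfg-parser.c:319
"""

# gdb omits the PC on a symbolized innermost frame, so the address is optional.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:(0x[0-9a-fA-F]+) in )?(\S+) \(")
LOC_RE = re.compile(r"\bat (\S+):(\d+)\s*$")
# Assumption: vm.mmap_min_addr is at its common value of 65536, so no code
# can be mapped below this address and a PC there was never a valid target.
LOW_PC_LIMIT = 0x10000

def parse_frames(text):
    """Parse gdb `bt` output; wrapped continuation lines are folded into their frame."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            idx, pc, func = m.groups()
            frames.append({"idx": int(idx), "pc": int(pc, 16) if pc else None,
                           "func": func, "raw": line})
        elif frames and line.strip():
            frames[-1]["raw"] += " " + line.strip()
    for f in frames:
        loc = LOC_RE.search(f["raw"])
        f["loc"] = f"{loc.group(1)}:{loc.group(2)}" if loc else None
    return frames

def triage(text):
    """Classify the crash and name the first caller frame that has source info."""
    frames = parse_frames(text)
    top = frames[0]
    caller = next((f for f in frames[1:] if f["loc"]), None)
    wild_pc = top["func"] == "??" and top["pc"] is not None and top["pc"] < LOW_PC_LIMIT
    return {
        "kind": "wild-jump" if wild_pc else "other",
        "bad_pc": hex(top["pc"]) if top["pc"] is not None else None,
        "call_site": f'{caller["func"]} at {caller["loc"]}' if caller else None,
        "path": [f["func"] for f in frames[1:]],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_BT))
```
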