bin/39874: new syslogd problems

[gcw%primenet.com.au@localhost]

>Number:         39874
>Category:       bin
>Synopsis:       some problems with new syslogd
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Nov 07 07:20:01 +0000 2008
>Originator:     Geoff C. Wing
>Release:        NetBSD 5.99.01
>Organization:
>Environment:
System: NetBSD g.primenet.com.au 5.99.01 NetBSD 5.99.01 (G) #0: Fri Nov 7 
15:35:58 EST 2008 
gcw%g.primenet.com.au@localhost:/usr/netbsd/src/sys/arch/i386/compile/G i386
Architecture: i386
Machine: i386
>Description:
        1) syslogd creates rules for hostnames by stripping off any domain
        segments.  When creating information on hostnames for logging, it
        creates a FQDN.  It then
           a) tries to find the FQDN within the stripped name
           b) uses strcasestr

        "a" is not going to work for ~100% of syslog users.
        "b" is not a good choice but it was there before and people
        lived with it.


        2) Something bad has happened to messages from foreign hosts:

        Nov  7 16:19:20 router 1383: Nov  7 05:19:19: %SEC-6-IPACCESSLOGP:...
        Jan  1 09:59:59 Nov [7]: %LINK-3-UPDOWN: Interface FastEthernet1, ...
        Jan  1 09:59:59 Nov [7]: %LINEPROTO-5-UPDOWN: Line protocol on Int...

        The first line is from the old syslogd.  The following two are
        after rebooting and using the new syslogd (and libc).

>How-To-Repeat:
        Use it with host rules.  Look at failure.  Scratch head.
>Fix:
        Since I don't know the reasoning why certain things were chosen
        w.r.t. domain name stripping, here's the sloppy way to fix "1a".
        Maybe better would be to include a hostname without domain
        suffix in buf_msg.

Index: usr.sbin/syslogd/syslogd.c
===================================================================
RCS file: /cvsroot/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.91
diff -u -r1.91 syslogd.c
--- usr.sbin/syslogd/syslogd.c  4 Nov 2008 18:52:25 -0000       1.91
+++ usr.sbin/syslogd/syslogd.c  7 Nov 2008 06:58:25 -0000
@@ -1827,18 +1827,26 @@
                /* do we compare with host (IMHO correct) or recvhost */
                /* (compatible)? */
                if (f->f_host != NULL && buffer->host != NULL) {
+                       char *shorthost = strdup(buffer->host);
+
+                       trim_anydomain(shorthost);
                        switch (f->f_host[0]) {
                        case '+':
-                               if (! matches_spec(buffer->host, f->f_host + 1,
-                                   strcasestr))
+                               if (! matches_spec(shorthost, f->f_host + 1,
+                                   strcasestr)) {
+                                       free(shorthost);
                                        continue;
+                               }
                                break;
                        case '-':
-                               if (matches_spec(buffer->host, f->f_host + 1,
-                                   strcasestr))
+                               if (matches_spec(shorthost, f->f_host + 1,
+                                   strcasestr)) {
+                                       free(shorthost);
                                        continue;
+                               }
                                break;
                        }
+                       free(shorthost);
                }
 
                /* skip messages with the incorrect program name */