--- ulogd.c +++ ulogd.c 2007/03/20 13:21:29 @@ -595,14 +595,15 @@ static void sigterm_handler(int signal) ipulog_destroy_handle(libulog_h); free(libulog_buf); - if (logfile != stdout && logfile != &syslog_dummy) - fclose(logfile); for (p = ulogd_outputs; p; p = p->next) { if (p->fini) (*p->fini)(); } + if (logfile != stdout && logfile != &syslog_dummy) + fclose(logfile); + exit(0); } --- extensions/printpkt.h +++ extensions/printpkt.h 2007/03/19 19:14:40 @@ -1,7 +1,7 @@ #ifndef _PRINTPKT_H #define _PRINTPKT_H -int printpkt_print(ulog_iret_t *res, char *buf, int prefix); +int printpkt_print(ulog_iret_t *res, char *buf, size_t buf_siz, int prefix); int printpkt_init(void); #endif --- extensions/printpkt.c +++ extensions/printpkt.c 2007/03/19 19:14:40 @@ -95,13 +95,22 @@ static struct intr_id intr_ids[INTR_IDS] #define GET_VALUE(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].value #define GET_FLAGS(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].flags -int printpkt_print(ulog_iret_t *res, char *buf, int prefix) +int printpkt_print(ulog_iret_t *res, char *buf, size_t buf_siz, int prefix) { char *timestr; char *tmp; time_t now; - char *buf_cur = buf; + if(buf_siz) + *buf = '\0'; + else + return 1; + +#define BUF_ADD(ptr, siz, fmt...) \ + do { \ + size_t len=strlen(ptr); \ + snprintf(((ptr)+(len)), ((siz) > (len) ? (siz)-(len) : 0), ##fmt); \ + } while(0) if (prefix) { now = (time_t) GET_VALUE(0).ui32; @@ -116,127 +125,129 @@ int printpkt_print(ulog_iret_t *res, cha *tmp = '\0'; /* print time and hostname */ - buf_cur += sprintf(buf_cur, "%.15s %s", timestr, hostname); + BUF_ADD(buf, buf_siz, "%.15s %s", timestr, hostname); } - if (*(char *) GET_VALUE(1).ptr) - buf_cur += sprintf(buf_cur, " %s", (char *) GET_VALUE(1).ptr); + if (*((char *) GET_VALUE(1).ptr)) + BUF_ADD(buf, buf_siz, " %s", (char *) GET_VALUE(1).ptr); - buf_cur += sprintf(buf_cur," IN=%s OUT=%s ", + BUF_ADD(buf, buf_siz, " IN=%s OUT=%s ", (char *) GET_VALUE(2).ptr, (char *) GET_VALUE(3).ptr); /* FIXME: configurable */ - buf_cur += sprintf(buf_cur, "MAC=%s ", + BUF_ADD(buf, buf_siz, "MAC=%s ", (GET_FLAGS(4) & ULOGD_RETF_VALID) ? (char *) GET_VALUE(4).ptr : ""); - buf_cur += sprintf(buf_cur, "SRC=%s ", + BUF_ADD(buf, buf_siz, "SRC=%s ", inet_ntoa((struct in_addr) {htonl(GET_VALUE(5).ui32)})); - buf_cur += sprintf(buf_cur, "DST=%s ", + BUF_ADD(buf, buf_siz, "DST=%s ", inet_ntoa((struct in_addr) {htonl(GET_VALUE(6).ui32)})); - buf_cur += sprintf(buf_cur,"LEN=%u TOS=%02X PREC=0x%02X TTL=%u ID=%u ", + BUF_ADD(buf, buf_siz, "LEN=%u TOS=%02X PREC=0x%02X TTL=%u ID=%u ", GET_VALUE(7).ui16, GET_VALUE(8).ui8 & IPTOS_TOS_MASK, GET_VALUE(8).ui8 & IPTOS_PREC_MASK, GET_VALUE(9).ui8, GET_VALUE(10).ui16); if (GET_VALUE(10).ui16 & IP_RF) - buf_cur += sprintf(buf_cur, "CE "); + BUF_ADD(buf, buf_siz, "CE "); if (GET_VALUE(11).ui16 & IP_DF) - buf_cur += sprintf(buf_cur, "DF "); + BUF_ADD(buf, buf_siz, "DF "); if (GET_VALUE(11).ui16 & IP_MF) - buf_cur += sprintf(buf_cur, "MF "); + BUF_ADD(buf, buf_siz, "MF "); if (GET_VALUE(11).ui16 & IP_OFFMASK) - buf_cur += sprintf(buf_cur, "FRAG:%u ", + BUF_ADD(buf, buf_siz, "FRAG:%u ", GET_VALUE(11).ui16 & IP_OFFMASK); switch (GET_VALUE(12).ui8) { case IPPROTO_TCP: - buf_cur += sprintf(buf_cur, "PROTO=TCP "); - buf_cur += sprintf(buf_cur, "SPT=%u DPT=%u ", + BUF_ADD(buf, buf_siz, "PROTO=TCP "); + BUF_ADD(buf, buf_siz, "SPT=%u DPT=%u ", GET_VALUE(13).ui16, GET_VALUE(14).ui16); /* FIXME: config */ - buf_cur += sprintf(buf_cur, "SEQ=%u ACK=%u ", + BUF_ADD(buf, buf_siz, "SEQ=%u ACK=%u ", GET_VALUE(15).ui32, GET_VALUE(16).ui32); - buf_cur += sprintf(buf_cur, "WINDOW=%u ", GET_VALUE(17).ui16); + BUF_ADD(buf, buf_siz, "WINDOW=%u ", GET_VALUE(17).ui16); -// buf_cur += sprintf(buf_cur, "RES=0x%02x ", +// BUF_ADD(buf, buf_siz, "RES=0x%02x ", if (GET_VALUE(18).b) - buf_cur += sprintf(buf_cur, "URG "); + BUF_ADD(buf, buf_siz, "URG "); if (GET_VALUE(19).b) - buf_cur += sprintf(buf_cur, "ACK "); + BUF_ADD(buf, buf_siz, "ACK "); if (GET_VALUE(20).b) - buf_cur += sprintf(buf_cur, "PSH "); + BUF_ADD(buf, buf_siz, "PSH "); if (GET_VALUE(21).b) - buf_cur += sprintf(buf_cur, "RST "); + BUF_ADD(buf, buf_siz, "RST "); if (GET_VALUE(22).b) - buf_cur += sprintf(buf_cur, "SYN "); + BUF_ADD(buf, buf_siz, "SYN "); if (GET_VALUE(23).b) - buf_cur += sprintf(buf_cur, "FIN "); + BUF_ADD(buf, buf_siz, "FIN "); - buf_cur += sprintf(buf_cur, "URGP=%u ", GET_VALUE(24).ui16); + BUF_ADD(buf, buf_siz, "URGP=%u ", GET_VALUE(24).ui16); break; case IPPROTO_UDP: - buf_cur += sprintf(buf_cur, "PROTO=UDP "); + BUF_ADD(buf, buf_siz, "PROTO=UDP "); - buf_cur += sprintf(buf_cur, "SPT=%u DPT=%u LEN=%u ", + BUF_ADD(buf, buf_siz, "SPT=%u DPT=%u LEN=%u ", GET_VALUE(25).ui16, GET_VALUE(26).ui16, GET_VALUE(27).ui16); break; case IPPROTO_ICMP: - buf_cur += sprintf(buf_cur, "PROTO=ICMP "); + BUF_ADD(buf, buf_siz, "PROTO=ICMP "); - buf_cur += sprintf(buf_cur, "TYPE=%u CODE=%u ", + BUF_ADD(buf, buf_siz, "TYPE=%u CODE=%u ", GET_VALUE(28).ui8, GET_VALUE(29).ui8); switch (GET_VALUE(28).ui8) { case ICMP_ECHO: case ICMP_ECHOREPLY: - buf_cur += sprintf(buf_cur, "ID=%u SEQ=%u ", + BUF_ADD(buf, buf_siz, "ID=%u SEQ=%u ", GET_VALUE(30).ui16, GET_VALUE(31).ui16); break; case ICMP_PARAMETERPROB: - buf_cur += sprintf(buf_cur, "PARAMETER=%u ", + BUF_ADD(buf, buf_siz, "PARAMETER=%u ", GET_VALUE(32).ui32 >> 24); break; case ICMP_REDIRECT: - buf_cur += sprintf(buf_cur, "GATEWAY=%s ", inet_ntoa((struct in_addr) {htonl(GET_VALUE(32).ui32)})); + BUF_ADD(buf, buf_siz, "GATEWAY=%s ", inet_ntoa((struct in_addr) {htonl(GET_VALUE(32).ui32)})); break; case ICMP_DEST_UNREACH: if (GET_VALUE(29).ui8 == ICMP_FRAG_NEEDED) - buf_cur += sprintf(buf_cur, "MTU=%u ", + BUF_ADD(buf, buf_siz, "MTU=%u ", GET_VALUE(33).ui16); break; } break; case IPPROTO_ESP: case IPPROTO_AH: - buf_cur += sprintf(buf_cur, "PROTO=%s ", GET_VALUE(12).ui8 == IPPROTO_ESP ? "ESP" : "AH"); + BUF_ADD(buf, buf_siz, "PROTO=%s ", GET_VALUE(12).ui8 == IPPROTO_ESP ? "ESP" : "AH"); /* FIXME: "INCOMPLETE [%u bytes]" in case of short pkt */ if (intr_ids[34].id > 0) { - buf_cur += sprintf(buf_cur, "SPI=0x%x ", GET_VALUE(34).ui32); + BUF_ADD(buf, buf_siz, "SPI=0x%x ", GET_VALUE(34).ui32); } break; default: - buf_cur += sprintf(buf_cur, "PROTO=%u ", GET_VALUE(12).ui8); + BUF_ADD(buf, buf_siz, "PROTO=%u ", GET_VALUE(12).ui8); } - strcat(buf_cur, "\n"); + BUF_ADD(buf, buf_siz, "\n"); + +#undef BUF_ADD return 0; } @@ -267,6 +278,7 @@ int printpkt_init(void) strerror(errno)); exit(2); } + hostname[sizeof(hostname)-1] = '\0'; if (get_ids()) return 1; --- extensions/ulogd_BASE.c +++ extensions/ulogd_BASE.c 2007/03/20 15:55:27 @@ -32,6 +32,7 @@ #include #include +#include #include #include #include @@ -63,11 +64,13 @@ static ulog_iret_t *_interp_raw(ulog_int { unsigned char *p; int i; - char *buf, *oldbuf = NULL; + char *buf, *ptr = NULL; ulog_iret_t *ret = ip->result; + size_t siz; if (pkt->mac_len) { - buf = (char *) malloc(3 * pkt->mac_len + 1); + siz = 3 * pkt->mac_len + 1; + buf = (char *) malloc(siz); if (!buf) { ulogd_log(ULOGD_ERROR, "OOM!!!\n"); return NULL; @@ -75,9 +78,11 @@ static ulog_iret_t *_interp_raw(ulog_int *buf = '\0'; p = pkt->mac; - oldbuf = buf; - for (i = 0; i < pkt->mac_len; i++, p++) - sprintf(buf, "%s%02x%c", oldbuf, *p, i==pkt->mac_len-1 ? ' ':':'); + ptr = buf; + for (i = 0; i < pkt->mac_len; i++, p++) { + snprintf(ptr, siz-(ptr-buf), "%02x%s", *p, i==pkt->mac_len-1 ? "":":"); + ptr = buf + strlen(buf); + } ret[0].value.ptr = buf; ret[0].flags |= ULOGD_RETF_VALID; } --- extensions/ulogd_LOCAL.c +++ extensions/ulogd_LOCAL.c 2007/03/20 15:33:09 @@ -93,6 +93,7 @@ void _init(void) strerror(errno)); exit(2); } + hostname[sizeof(hostname)-1] = '\0'; /* strip off everything after first '.' */ if ((tmp = strchr(hostname, '.'))) *tmp = '\0'; --- extensions/ulogd_LOGEMU.c +++ extensions/ulogd_LOGEMU.c 2007/03/20 15:36:29 @@ -67,7 +67,7 @@ static int _output_logemu(ulog_iret_t *r { static char buf[4096]; - printpkt_print(res, buf, 1); + printpkt_print(res, buf, sizeof(buf), 1); fprintf(of, "%s", buf); @@ -79,15 +79,18 @@ static int _output_logemu(ulog_iret_t *r static void signal_handler_logemu(int signal) { + FILE *old=of; + switch (signal) { case SIGHUP: ulogd_log(ULOGD_NOTICE, "syslogemu: reopening logfile\n"); - fclose(of); of = fopen64(syslogf_ce.u.string, "a"); if (!of) { ulogd_log(ULOGD_FATAL, "can't open syslogemu: %s\n", strerror(errno)); - exit(2); + of=old; + } else { + fclose(old); } break; default: --- extensions/ulogd_OPRINT.c +++ extensions/ulogd_OPRINT.c 2007/03/20 15:36:04 @@ -48,7 +48,7 @@ static FILE *of = NULL; static int _output_print(ulog_iret_t *res) { ulog_iret_t *ret; - + fprintf(of, "===>PACKET BOUNDARY\n"); for (ret = res; ret; ret = ret->cur_next) { fprintf(of,"%s=", ret->key); @@ -72,7 +72,10 @@ static int _output_print(ulog_iret_t *re HIPQUAD(ret->value.ui32)); break; case ULOGD_RET_NONE: - fprintf(of, ""); + fprintf(of, "\n"); + break; + default: + fprintf(of, "\n"); break; } } @@ -88,16 +91,18 @@ static config_entry_t outf_ce = { static void sighup_handler_print(int signal) { + FILE *old=of; switch (signal) { case SIGHUP: ulogd_log(ULOGD_NOTICE, "PKTLOG: reopening logfile\n"); - fclose(of); of = fopen64(outf_ce.u.string, "a"); if (!of) { ulogd_log(ULOGD_FATAL, "can't open PKTLOG: %s\n", strerror(errno)); - exit(2); + of=old; + } else { + fclose(old); } break; default: --- extensions/ulogd_PWSNIFF.c +++ extensions/ulogd_PWSNIFF.c 2007/03/19 19:14:40 @@ -116,7 +116,7 @@ static ulog_iret_t *_interp_pwsniff(ulog return NULL; } strncpy(ret[0].value.ptr, (char *)begp, len); - *((char *)ret[0].value.ptr + len + 1) = '\0'; + *((char *)ret[0].value.ptr + len) = '\0'; } if (pw_len) { ret[1].value.ptr = (char *) malloc(pw_len+1); @@ -126,7 +126,7 @@ static ulog_iret_t *_interp_pwsniff(ulog return NULL; } strncpy(ret[1].value.ptr, (char *)pw_begp, pw_len); - *((char *)ret[1].value.ptr + pw_len + 1) = '\0'; + *((char *)ret[1].value.ptr + pw_len) = '\0'; } return ret; --- extensions/ulogd_SYSLOG.c +++ extensions/ulogd_SYSLOG.c 2007/03/19 19:14:40 @@ -61,7 +61,7 @@ static int _output_syslog(ulog_iret_t *r { static char buf[4096]; - printpkt_print(res, buf, 0); + printpkt_print(res, buf, sizeof(buf), 0); syslog(syslog_level|syslog_facility, buf); return 0;