From: bluhm Date: Thu, 16 Jun 2022 18:44:43 +0000 (+0000) Subject: OpenBSD syslogd(8) escapes binary data with vis(3). Use the X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=3b624d28064dd5cfdad0a0e01978a6bf6857fe75;p=openbsd OpenBSD syslogd(8) escapes binary data with vis(3). Use the VIS_NOSLASH option to avoid additional backslashes. Although this option prevents to decode binaries, it makes automatic post processing easier. Formats like JSON use backslash escaping themself, additional escaping from syslogd would break SIEM systems. vis protection was introduced to avoid evil characters in log files and not to make binary logging possible. from Matthias Pitzl; OK deraadt@ --- diff --git a/regress/usr.sbin/syslogd/args-client-tcp-nontransp.pl b/regress/usr.sbin/syslogd/args-client-tcp-nontransp.pl index a4917065912..34e4d9ceddf 100644 --- a/regress/usr.sbin/syslogd/args-client-tcp-nontransp.pl +++ b/regress/usr.sbin/syslogd/args-client-tcp-nontransp.pl @@ -31,7 +31,7 @@ our %args = ( qr/localhost de$/ => 1, qr/localhost fg$/ => 1, # NUL terminates message qr/localhost hi $/ => 1, - qr/localhost jk\\\^G$/ => 1, # bell character visual + qr/localhost jk\^G$/ => 1, # bell character visual qr/localhost l$/ => 1, qr/localhost m$/ => 1, qr/localhost n$/ => 1, # leading spaces are striped diff --git a/regress/usr.sbin/syslogd/args-length-vis.pl b/regress/usr.sbin/syslogd/args-length-vis.pl index c3f03c2b18b..4cfce22bfcf 100644 --- a/regress/usr.sbin/syslogd/args-length-vis.pl +++ b/regress/usr.sbin/syslogd/args-length-vis.pl @@ -28,17 +28,16 @@ our %args = ( # Jan 31 00:12:39 localhost 0123456789ABC...567 loggrep => { get_charlog() => 11, - qr/^.{25} .{8182}foo\\M\^\@$/ => 1, - qr/^.{25} .{8183}foo\\M\^\@$/ => 1, - qr/^.{25} .{8184}foo\\M\^\@$/ => 1, - qr/^.{25} .{8185}foo\\M\^\@$/ => 1, - qr/^.{25} .{8186}foo\\M\^$/ => 1, - qr/^.{25} .{8187}foo\\M$/ => 1, - qr/^.{25} .{8188}foo\\$/ => 1, + qr/^.{25} .{8183}fooM\^\@$/ => 1, + qr/^.{25} .{8184}fooM\^\@$/ => 1, + qr/^.{25} .{8185}fooM\^\@$/ => 1, + qr/^.{25} .{8186}fooM\^\@$/ => 1, + qr/^.{25} .{8187}fooM\^$/ => 1, + qr/^.{25} .{8188}fooM$/ => 1, qr/^.{25} .{8189}foo$/ => 1, qr/^.{25} .{8190}fo$/ => 1, qr/^.{25} .{8191}f$/ => 1, - qr/^.{25} .{8192}$/ => 8, + qr/^.{25} .{8192}$/ => 7, }, }, ); diff --git a/usr.sbin/syslogd/syslogd.8 b/usr.sbin/syslogd/syslogd.8 index f31446f0f83..038be0574f3 100644 --- a/usr.sbin/syslogd/syslogd.8 +++ b/usr.sbin/syslogd/syslogd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: syslogd.8,v 1.60 2018/09/27 08:33:25 bluhm Exp $ +.\" $OpenBSD: syslogd.8,v 1.61 2022/06/16 18:44:43 bluhm Exp $ .\" .\" Copyright (c) 1983, 1986, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -30,7 +30,7 @@ .\" from: @(#)syslogd.8 8.1 (Berkeley) 6/6/93 .\" $NetBSD: syslogd.8,v 1.3 1996/01/02 17:41:48 perry Exp $ .\" -.Dd $Mdocdate: September 27 2018 $ +.Dd $Mdocdate: June 16 2022 $ .Dt SYSLOGD 8 .Os .Sh NAME @@ -227,7 +227,8 @@ The message sent to should consist of a single line. Embedded new line characters are converted to spaces; binary data is encoded by -.Xr vis 3 . +.Xr vis 3 , +but no backslash is inserted. The message can contain a priority code, which should be a preceding decimal number in angle braces, for example, .Dq <5> . diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c index 4942a89ee71..d846e19c259 100644 --- a/usr.sbin/syslogd/syslogd.c +++ b/usr.sbin/syslogd/syslogd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: syslogd.c,v 1.274 2022/05/04 14:47:46 bluhm Exp $ */ +/* $OpenBSD: syslogd.c,v 1.275 2022/06/16 18:44:43 bluhm Exp $ */ /* * Copyright (c) 2014-2021 Alexander Bluhm @@ -1570,7 +1570,7 @@ printline(char *hname, char *msgstr) if (*p == '\n') *q++ = ' '; else - q = vis(q, *p, 0, 0); + q = vis(q, *p, VIS_NOSLASH, 0); } line[LOG_MAXLINE] = *q = '\0'; @@ -1626,7 +1626,7 @@ printsys(char *msgstr) q = lp; while (*p && (c = *p++) != '\n' && q < &msg.m_msg[sizeof(msg.m_msg) - 4]) - q = vis(q, c, 0, 0); + q = vis(q, c, VIS_NOSLASH, 0); logmsg(&msg, flags, LocalHostName); }