Tweak the r137233 fix to r136283 -- Code was making two send() attempts
vs. the comment documented "If we are working with a privileged socket, then take only one attempt". Make the code match. Furthermore, critical privileged applications that [over] log a vast amount can look like a DoS to this code. Given it's unlikely the single reattempted send() will succeeded, avoid usurping the scheduler in a library API for a single non-critical facility in critical applications. Obtained from: Juniper Networks Discussed with: glebius
This commit is contained in:
parent
98cd494e62
commit
c35cac10ec
@ -265,7 +265,7 @@ vsyslog(int pri, const char *fmt, va_list ap)
|
||||
* 1) syslogd was restarted
|
||||
* 2) /var/run/log is out of socket buffer space, which
|
||||
* in most cases means local DoS.
|
||||
* We attempt to reconnect to /var/run/log to take care of
|
||||
* We attempt to reconnect to /var/run/log[priv] to take care of
|
||||
* case #1 and keep send()ing data to cover case #2
|
||||
* to give syslogd a chance to empty its socket buffer.
|
||||
*
|
||||
@ -281,13 +281,13 @@ vsyslog(int pri, const char *fmt, va_list ap)
|
||||
connectlog();
|
||||
}
|
||||
do {
|
||||
if (status == CONNPRIV)
|
||||
break;
|
||||
_usleep(1);
|
||||
if (send(LogFile, tbuf, cnt, 0) >= 0) {
|
||||
THREAD_UNLOCK();
|
||||
return;
|
||||
}
|
||||
if (status == CONNPRIV)
|
||||
break;
|
||||
} while (errno == ENOBUFS);
|
||||
} else {
|
||||
THREAD_UNLOCK();
|
||||
|
Loading…
Reference in New Issue
Block a user