network(),syslog(): Fixed a potential crash for TLS destinations during reload#5303
Merged
HofiOne merged 13 commits intosyslog-ng:developfrom Apr 23, 2025
Merged
network(),syslog(): Fixed a potential crash for TLS destinations during reload#5303HofiOne merged 13 commits intosyslog-ng:developfrom
network(),syslog(): Fixed a potential crash for TLS destinations during reload#5303HofiOne merged 13 commits intosyslog-ng:developfrom
Conversation
HofiOne
force-pushed
the
tls-destination-crash
branch
from
b7231fe to
f5d45f1
Compare
Contributor
|
Build FAILURE |
HofiOne
changed the title
network(), syslog(): Fixed a potential crash for TLS destinations during reload
HofiOne
changed the title
network(), syslog(): Fixed a potential crash for TLS destinations during reload
HofiOne
changed the title
network(), syslog(): Fixed a potential crash for TLS destinations during reload
HofiOne
force-pushed
the
tls-destination-crash
branch
from
f5d45f1 to
e2da318
Compare
Contributor
|
Build FAILURE |
Collaborator
Author
|
@kira-syslogng test this please; |
Contributor
|
Build FAILURE |
HofiOne
force-pushed
the
tls-destination-crash
branch
2 times, most recently
from
3b2c445 to
4f11052
Compare
Contributor
|
Build FAILURE |
HofiOne
force-pushed
the
tls-destination-crash
branch
2 times, most recently
from
2b5512b to
c0fb725
Compare
Contributor
|
Build FAILURE |
1 similar comment
Contributor
|
Build FAILURE |
HofiOne
force-pushed
the
tls-destination-crash
branch
2 times, most recently
from
cd28906 to
9544146
Compare
HofiOne
changed the title
network(), syslog(): Fixed a potential crash for TLS destinations during reloadnetwork(),syslog(): Fixed a potential crash for TLS destinations during reload
HofiOne
force-pushed
the
tls-destination-crash
branch
from
9544146 to
e29323d
Compare
Contributor
|
Build FAILURE |
1 similar comment
Contributor
|
Build FAILURE |
Contributor
|
@kira-syslogng retest this please |
Contributor
|
Build FAILURE |
HofiOne
force-pushed
the
tls-destination-crash
branch
from
e29323d to
983e24a
Compare
Contributor
|
Build FAILURE |
Signed-off-by: Balazs Scheidler <[email protected]> Signed-off-by: Hofi <[email protected]>
Signed-off-by: László Várady <[email protected]> Signed-off-by: Hofi <[email protected]>
Signed-off-by: Tamás Kosztyu <[email protected]> Signed-off-by: Hofi <[email protected]>
Signed-off-by: Tamás Kosztyu <[email protected]> Signed-off-by: Hofi <[email protected]>
Signed-off-by: Tamás Kosztyu <[email protected]> Signed-off-by: László Várady <[email protected]> Signed-off-by: Hofi <[email protected]>
Signed-off-by: Tamás Kosztyu <[email protected]> Signed-off-by: Hofi <[email protected]>
Signed-off-by: László Várady <[email protected]> Signed-off-by: Tamás Kosztyu <[email protected]> Signed-off-by: Hofi <[email protected]>
It is possible to keep TLS connections alive during reload. In that case the LogWriter instance is persisted in cfg persist. This LogWriter's signal slot connector wasn't updated based on the new configuration, which could cause a crash. The signal slot connector is updated, so the newly configured verifier is used, instead of the old one. Signed-off-by: Tamás Kosztyu <[email protected]> Signed-off-by: Hofi <[email protected]>
Signed-off-by: László Várady <[email protected]> Signed-off-by: Hofi <[email protected]>
Signed-off-by: László Várady <[email protected]> Signed-off-by: Hofi <[email protected]>
Signed-off-by: László Várady <[email protected]> Signed-off-by: Hofi <[email protected]>
Signed-off-by: László Várady <[email protected]> Signed-off-by: Hofi <[email protected]>
Signed-off-by: Tamás Kosztyu <[email protected]> Signed-off-by: Hofi <[email protected]>
HofiOne
force-pushed
the
tls-destination-crash
branch
from
983e24a to
9f93d98
Compare
Contributor
|
Build FAILURE |
kovgeri01
approved these changes
Apr 23, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #5018
It is possible to keep TLS connections alive during reload.
In that case the LogWriter instance is persisted in cfg persist.
This LogWriter's signal slot connector wasn't updated based on the new configuration, which could cause a crash.
The signal slot connector is updated, so the newly configured verifier is used, instead of the old one.
Note that the fix in #5087 has a security issue, as in that PR, the connector's lifetime is extended, but the verifier plugins are deregistered during reload, which silently disables all TLS verifiers without the user knowing.
Backport of 418 by @sodomelle
Depends on #5322