From 0d2dfae26de9ddf711c8e70299f675ca09c253fd Mon Sep 17 00:00:00 2001
From: jasper
Date: Mon, 5 Sep 2011 18:24:08 +0000
Subject: [PATCH] Security fix for CVE-2011-3200, rsyslog: parseLegacySyslogMsg off-by-two buffer overflow
---
 sysutils/rsyslog/Makefile | 4 ++--
 .../rsyslog/patches/patch-tools_syslogd_c | 22 ++++++++++++++++---
 2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/sysutils/rsyslog/Makefile b/sysutils/rsyslog/Makefile
index f413b1e146a..9da50f4fa35 100644
--- a/sysutils/rsyslog/Makefile
+++ b/sysutils/rsyslog/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.7 2011/07/07 00:22:37 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.8 2011/09/05 18:24:08 jasper Exp $
 SHARED_ONLY = Yes
@@ -15,7 +15,7 @@ PKGNAME-mysql = rsyslog-mysql-$V
 PKGNAME-pgsql = rsyslog-pgsql-$V
 CATEGORIES = sysutils
-REVISION-main = 1
+REVISION-main = 2
 HOMEPAGE = http://www.rsyslog.com/
diff --git a/sysutils/rsyslog/patches/patch-tools_syslogd_c b/sysutils/rsyslog/patches/patch-tools_syslogd_c
index 2e0c9264709..854befc2728 100644
--- a/sysutils/rsyslog/patches/patch-tools_syslogd_c
+++ b/sysutils/rsyslog/patches/patch-tools_syslogd_c
@@ -1,6 +1,13 @@
-$OpenBSD: patch-tools_syslogd_c,v 1.1.1.1 2010/07/29 21:40:21 steven Exp $
---- tools/syslogd.c.orig Wed Jul 7 11:43:39 2010
-+++ tools/syslogd.c Sun Jul 25 21:39:57 2010
+$OpenBSD: patch-tools_syslogd_c,v 1.2 2011/09/05 18:24:08 jasper Exp $
+
+Last chunk:
+Security fix for CVE-2011-3200,
+rsyslog: parseLegacySyslogMsg off-by-two buffer overflow
+
+Patch from upstream via redhat: https://bugzilla.redhat.com/show_bug.cgi?id=727644
+
+--- tools/syslogd.c.orig Thu Aug 5 11:33:54 2010
++++ tools/syslogd.c Mon Sep 5 20:22:07 2011
 @@ -173,9 +173,8 @@ static rsRetVal GlobalClassExit(void);
 #endif
 #endif
@@ -13,3 +20,12 @@ $OpenBSD: patch-tools_syslogd_c,v 1.1.1.1 2010/07/29 21:40:21 steven Exp $
 #ifndef _PATH_MODDIR
 # if defined(__FreeBSD__)
+@@ -1291,7 +1290,7 @@ int parseLegacySyslogMsg(msg_t *pMsg, int flags)
+ * outputs so that only 32 characters max are used by default.
+ */
+ i = 0;
+- while(lenMsg > 0 && *p2parse != ':' && *p2parse != ' ' && i < CONF_TAG_MAXSIZE) {
++ while(lenMsg > 0 && *p2parse != ':' && *p2parse != ' ' && i < CONF_TAG_MAXSIZE - 2) {
+ bufParseTAG[i++] = *p2parse++;
+ --lenMsg;
+ }
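Review bot: The new bound `i < CONF_TAG_MAXSIZE - 2` in the tag-copy `while` condition is an unexplained magic number; nothing in the hunk says which two bytes of `bufParseTAG` are being reserved. Given the "off-by-two" wording in the commit title, the code after the loop presumably appends up to two more bytes (likely a trailing ':' and the NUL terminator), but those writes and the declaration of `bufParseTAG` lie outside the hunk, so the reserve should be checked against them. I would add a comment above the loop such as `/* stop 2 short: leave room for the ':' and '\0' appended after the loop */`, or, if `bufParseTAG` is a local array, tie the bound to the buffer itself with `i < sizeof(bufParseTAG) - 2`. Tags longer than the limit are cut at this point without any indication, which is worth a word in that comment too.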