diff --git a/lib/libc/gen/syslog.c b/lib/libc/gen/syslog.c --- a/lib/libc/gen/syslog.c +++ b/lib/libc/gen/syslog.c @@ -46,6 +46,7 @@ #include #include #include +#include #include #include #include @@ -61,7 +62,7 @@ #define MAXLINE 8192 static int LogFile = -1; /* fd for log */ -static int status; /* connection status */ +static bool connected; /* have done connect */ static int opened; /* have done openlog() */ static int LogStat = 0; /* status bits, set by openlog() */ static const char *LogTag = NULL; /* string to tag the entry with */ @@ -85,12 +86,6 @@ static void connectlog(void); /* (re)connect to syslogd */ static void openlog_unlocked(const char *, int, int); -enum { - NOCONN = 0, - CONNDEF, - CONNPRIV, -}; - /* * Format of the magic cookie passed through the stdio hook */ @@ -291,48 +286,19 @@ connectlog(); /* - * If the send() fails, there are two likely scenarios: - * 1) syslogd was restarted - * 2) /var/run/log is out of socket buffer space, which - * in most cases means local DoS. - * If the error does not indicate a full buffer, we address - * case #1 by attempting to reconnect to /var/run/log[priv] - * and resending the message once. - * - * If we are working with a privileged socket, the retry - * attempts end there, because we don't want to freeze a - * critical application like su(1) or sshd(8). - * - * Otherwise, we address case #2 by repeatedly retrying the - * send() to give syslogd a chance to empty its socket buffer. + * If the send() failed, there are two likely scenarios: + * 1) syslogd was restarted. In this case make one (only) attempt + * to reconnect. + * 2) We filled our buffer due to syslogd not being able to read + * as fast as we write. In this case prefer to lose the current + * message rather than whole buffer of previously logged data. */ - if (send(LogFile, tbuf, cnt, 0) < 0) { if (errno != ENOBUFS) { - /* - * Scenario 1: syslogd was restarted - * reconnect and resend once - */ disconnectlog(); connectlog(); if (send(LogFile, tbuf, cnt, 0) >= 0) return; - /* - * if the resend failed, fall through to - * possible scenario 2 - */ - } - while (errno == ENOBUFS) { - /* - * Scenario 2: out of socket buffer space - * possible DoS, fail fast on a privileged - * socket - */ - if (status == CONNPRIV) - break; - _usleep(1); - if (send(LogFile, tbuf, cnt, 0) >= 0) - return; } } else return; @@ -389,7 +355,7 @@ _close(LogFile); LogFile = -1; } - status = NOCONN; /* retry connect */ + connected = false; /* retry connect */ } /* Should be called with mutex acquired */ @@ -413,29 +379,16 @@ } } } - if (LogFile != -1 && status == NOCONN) { + if (!connected) { SyslogAddr.sun_len = sizeof(SyslogAddr); SyslogAddr.sun_family = AF_UNIX; - /* - * First try privileged socket. If no success, - * then try default socket. - */ - (void)strncpy(SyslogAddr.sun_path, _PATH_LOG_PRIV, + (void)strncpy(SyslogAddr.sun_path, _PATH_LOG, sizeof SyslogAddr.sun_path); if (_connect(LogFile, (struct sockaddr *)&SyslogAddr, sizeof(SyslogAddr)) != -1) - status = CONNPRIV; - - if (status == NOCONN) { - (void)strncpy(SyslogAddr.sun_path, _PATH_LOG, - sizeof SyslogAddr.sun_path); - if (_connect(LogFile, (struct sockaddr *)&SyslogAddr, - sizeof(SyslogAddr)) != -1) - status = CONNDEF; - } - - if (status == NOCONN) { + connected = true; + else { (void)_close(LogFile); LogFile = -1; } @@ -477,7 +430,7 @@ LogFile = -1; } LogTag = NULL; - status = NOCONN; + connected = false; THREAD_UNLOCK(); }