From 69042706604752f42072f422671a72c49343ac45 Mon Sep 17 00:00:00 2001 From: tzyt Date: Sun, 22 Mar 2026 04:40:57 -0400 Subject: [PATCH] syslogd: Fix ereregex property filters and add test This change fixes Bug 293879, where ereregex filters in syslogd did not handle alternation correctly. The issue appears to come from mixing up two different kinds of flags: syslogd's internal serialized filter flags in usr.sbin/syslogd/syslogd.h, and the regex compilation flags from include/regex.h. ereregex was storing REG_EXTENDED in cmp_flags, even though cmp_flags is meant to carry syslogd's own FILT_FLAG_* values for configuration serialization and reconstruction. REG_EXTENDED has the same bit value as FILT_FLAG_EXCLUDE, so the filter could be reconstructed with the wrong semantics. The fix stores FILT_FLAG_EXTENDED instead, allowing syslogd to correctly REG_EXTENDED when compiling the regex. A test was also added for both ereregex and !ereregex filters. PR: 293879 Signed-off-by: tzyt Fixes: 2567168dc4986 MFC after: 1 week Reviewed-by: markj, ngie Pull-Request: https://github.com/freebsd/freebsd-src/pull/2088 --- usr.sbin/syslogd/syslogd.c | 2 +- usr.sbin/syslogd/tests/syslogd_test.sh | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c index dcc74b1a93c..59cb56fd597 100644 --- a/usr.sbin/syslogd/syslogd.c +++ b/usr.sbin/syslogd/syslogd.c @@ -2820,7 +2820,7 @@ prop_filter_compile(const char *cfilter) pfilter.cmp_type = FILT_CMP_REGEX; else if (strcasecmp(argv[1], "ereregex") == 0) { pfilter.cmp_type = FILT_CMP_REGEX; - pfilter.cmp_flags |= REG_EXTENDED; + pfilter.cmp_flags |= FILT_FLAG_EXTENDED; } else { dprintf("unknown cmp function"); goto error; diff --git a/usr.sbin/syslogd/tests/syslogd_test.sh b/usr.sbin/syslogd/tests/syslogd_test.sh index 1f235c476c4..253a2625895 100644 --- a/usr.sbin/syslogd/tests/syslogd_test.sh +++ b/usr.sbin/syslogd/tests/syslogd_test.sh @@ -238,6 +238,28 @@ prop_filter_body() syslogd_check_log_nomatch "prop1: FreeBSD" syslogd_check_log_nomatch "prop2: freebsd" syslogd_check_log "prop3: Solaris" + + printf ":msg,ereregex,\"substring1|substring2\"\nuser.debug\t${SYSLOGD_LOGFILE}\n" \ + > "${SYSLOGD_CONFIG}" + syslogd_reload + + syslogd_log -p user.debug -t "prop1" -h "${SYSLOGD_LOCAL_SOCKET}" "substring1" + syslogd_check_log "prop1: substring1" + syslogd_log -p user.debug -t "prop2" -h "${SYSLOGD_LOCAL_SOCKET}" "substring2" + syslogd_check_log "prop2: substring2" + syslogd_log -p user.debug -t "prop3" -h "${SYSLOGD_LOCAL_SOCKET}" "substring3" + syslogd_check_log_nomatch "prop3: substring3" + + printf ":msg,!ereregex,\"substring1|substring2\"\nuser.debug\t${SYSLOGD_LOGFILE}\n" \ + > "${SYSLOGD_CONFIG}" + syslogd_reload + + syslogd_log -p user.debug -t "prop1" -h "${SYSLOGD_LOCAL_SOCKET}" "substring1" + syslogd_check_log_nomatch "prop1: substring1" + syslogd_log -p user.debug -t "prop2" -h "${SYSLOGD_LOCAL_SOCKET}" "substring2" + syslogd_check_log_nomatch "prop2: substring2" + syslogd_log -p user.debug -t "prop3" -h "${SYSLOGD_LOCAL_SOCKET}" "substring3" + syslogd_check_log "prop3: substring3" } prop_filter_cleanup() {