svn commit: r228193 - head/lib/libc/gen

Fri Dec 2 01:06:34 UTC 2011

Author: obrien
Date: Fri Dec  2 01:06:33 2011
New Revision: 228193
URL: http://svn.freebsd.org/changeset/base/228193

Log:
  Tweak the r137233 fix to r136283 -- Code was making two send() attempts
  vs. the comment documented "If we are working with a privileged socket,
  then take only one attempt".  Make the code match.
  
  Furthermore, critical privileged applications that [over] log a vast amount
  can look like a DoS to this code.  Given it's unlikely the single reattempted
  send() will succeeded, avoid usurping the scheduler in a library API for a
  single non-critical facility in critical applications.
  
  Obtained from:	Juniper Networks
  Discussed with:	glebius

Modified:
  head/lib/libc/gen/syslog.c

Modified: head/lib/libc/gen/syslog.c
==============================================================================

--- head/lib/libc/gen/syslog.c	Fri Dec  2 00:38:47 2011	(r228192)
+++ head/lib/libc/gen/syslog.c	Fri Dec  2 01:06:33 2011	(r228193)
@@ -265,7 +265,7 @@ vsyslog(int pri, const char *fmt, va_lis
 	 *  1) syslogd was restarted
 	 *  2) /var/run/log is out of socket buffer space, which
 	 *     in most cases means local DoS.
-	 * We attempt to reconnect to /var/run/log to take care of
+	 * We attempt to reconnect to /var/run/log[priv] to take care of
 	 * case #1 and keep send()ing data to cover case #2
 	 * to give syslogd a chance to empty its socket buffer.
 	 *
@@ -281,13 +281,13 @@ vsyslog(int pri, const char *fmt, va_lis
 			connectlog();
 		}
 		do {
+			if (status == CONNPRIV)
+				break;
 			_usleep(1);
 			if (send(LogFile, tbuf, cnt, 0) >= 0) {
 				THREAD_UNLOCK();
 				return;
 			}
-			if (status == CONNPRIV)
-				break;
 		} while (errno == ENOBUFS);
 	} else {
 		THREAD_UNLOCK();
