X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/abc8c2d61c65757011d9d32abb01cd1e51232f3a..refs/pull/1034/head:/print-syslog.c
diff --git a/print-syslog.c b/print-syslog.c
index a3b56ce4..916a2f20 100644
--- a/print-syslog.c
+++ b/print-syslog.c
@@ -15,6 +15,7 @@
 */
 /* \summary: Syslog protocol printer */
+/* specification: RFC 3164 (not RFC 5424) */
 #ifdef HAVE_CONFIG_H
 #include
@@ -90,24 +91,21 @@ syslog_print(netdissect_options *ndo,
 * severity and facility values
 */
- if (GET_U_1(pptr) == '<') {
- msg_off++;
- while (msg_off <= SYSLOG_MAX_DIGITS &&
- GET_U_1(pptr + msg_off) >= '0' &&
- GET_U_1(pptr + msg_off) <= '9') {
- pri = pri * 10 + (GET_U_1(pptr + msg_off) - '0');
- msg_off++;
- }
- if (GET_U_1(pptr + msg_off) != '>') {
- nd_print_trunc(ndo);
- return;
- }
+ if (GET_U_1(pptr) != '<')
+ goto invalid;
+ msg_off++;
+
+ while (msg_off <= SYSLOG_MAX_DIGITS &&
+ GET_U_1(pptr + msg_off) >= '0' &&
+ GET_U_1(pptr + msg_off) <= '9') {
+ pri = pri * 10 + (GET_U_1(pptr + msg_off) - '0');
 msg_off++;
- } else {
- nd_print_trunc(ndo);
- return;
 }
+ if (GET_U_1(pptr + msg_off) != '>')
+ goto invalid;
+ msg_off++;
+
 facility = (pri & SYSLOG_FACILITY_MASK) >> 3;
 severity = pri & SYSLOG_SEVERITY_MASK;
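Review bot: An empty PRI (`<>`) is still accepted by the new parsing in the second hunk: when the byte after `<` is not a digit the `while` loop runs zero times, the `!= '>'` test passes, and the packet is decoded with `pri` at its initial value instead of reaching `invalid`. RFC 3164 defines PRI as one to three digits, so the post-loop check could require at least one, e.g. `if (msg_off == 1 || GET_U_1(pptr + msg_off) != '>')`, assuming `msg_off` is 0 on entry (its declaration is outside the hunk). The loop also accepts any value that fits in SYSLOG_MAX_DIGITS digits, including ones above the RFC 3164 maximum of 191; a short comment saying whether that leniency is deliberate would help readers of the decoded output. syslog_print() begins and ends outside this hunk.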
@@ -128,10 +126,25 @@ syslog_print(netdissect_options *ndo,
 severity);
 /* print the syslog text in verbose mode */
- for (; msg_off < len; msg_off++) {
- fn_print_char(ndo, GET_U_1(pptr + msg_off));
- }
+ /*
+ * RFC 3164 Section 4.1.3: "There is no ending delimiter to this part.
+ * The MSG part of the syslog packet MUST contain visible (printing)
+ * characters."
+ *
+ * RFC 5424 Section 8.2: "This document does not impose any mandatory
+ * restrictions on the MSG or PARAM-VALUE content. As such, they MAY
+ * contain control characters, including the NUL character."
+ *
+ * Hence, to aid in protocol debugging, print the full MSG without
+ * beautification to make it clear what was transmitted on the wire.
+ */
+ if (len > msg_off)
+ nd_printjn(ndo, pptr + msg_off, len - msg_off);
 if (ndo->ndo_vflag > 1)
 print_unknown_data(ndo, pptr, "\n\t", len);
+ return;
+
+invalid:
+ nd_print_invalid(ndo);
 }
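Review bot: The new comment above the `nd_printjn()` call says the MSG is printed "without beautification", which can be read as raw bytes reaching the output, right after quoting RFC 5424 on control characters and NUL being allowed in MSG. Because MSG is sender-controlled and the output usually lands on a terminal or in a log, the comment should say what happens to non-printable bytes, for example `* Non-printable bytes are escaped by nd_printjn(), never written raw.`, provided that matches nd_printjn()'s behaviour (its definition is not part of this diff, so confirm). The removed loop passed every byte through `fn_print_char()`, so stating that the escaping is unchanged would settle the question for reviewers. This hunk shows only the tail of syslog_print().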