logger: bugfix: missing sanity checks with --prio-prefix option

There were no apparent sanity checks other than applying the logmask
when reading PRI values from files. As such, invalid PRIs (tested with
values 192, 210, and 2100) are accepted. This in turn can trigger
problems in various receivers, especially older versions. See here
for details:

http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/

Note that 2100 was changed to 52 as described in above link.

This patch refactors PRI processing. Invalid PRIs are detected and in
this case the message is sent with the default priority, with the
invalid pri being part of the message to be sent. This is along the
line of what 2.26 did when it detected the PRI was invalid.

The refactoring now also enables pricese tracking of syslog header
length in all cases, so --size is now strictly obeyed.

[kzak@redhat.com: - fix compiler warning [-Wunused-variable]]

Signed-off-by: Karel Zak <kzak@redhat.com>
1 file changed