newsyslog: Fix stack corruption when initializing a zipwork structure.

This happens when compressing a previously uncompressed already-rotated
file, as happens when handling the 'p' flag in newsyslog.conf.  The file
name is stored in a flexible array member, so these structures cannot be
stack allocated.

Also make sure that we call change_attrs() and do_zipwork() in dry-run
mode; they handle this properly, contrary to the commit log message for
r327451.

CID:		1008168
Github PR:	https://github.com/freebsd/freebsd/pull/427
MFC after:	2 weeks
Submitted by:	Radek Brich (original version)

1 files changed, 17 insertions, 11 deletions

diff --git a/usr.sbin/newsyslog/newsyslog.c b/usr.sbin/newsyslog/newsyslog.c
index 29be08036010..71c244839d98 100644
--- a/usr.sbin/newsyslog/newsyslog.c
+++ b/usr.sbin/newsyslog/newsyslog.c
@@ -1829,17 +1829,23 @@ do_rotate(const struct conf_entry *ent)
 		else {
 			/* XXX - Ought to be checking for failure! */
 			(void)rename(zfile1, zfile2);
-			change_attrs(zfile2, ent);
-			if (ent->compress && !strlen(logfile_suffix)) {
-				/* compress old rotation */
-				struct zipwork_entry zwork;
-
-				memset(&zwork, 0, sizeof(zwork));
-				zwork.zw_conf = ent;
-				zwork.zw_fsize = sizefile(zfile2);
-				strcpy(zwork.zw_fname, zfile2);
-				do_zipwork(&zwork);
-			}
+		}
+		change_attrs(zfile2, ent);
+		if (ent->compress && strlen(logfile_suffix) == 0) {
+			/* compress old rotation */
+			struct zipwork_entry *zwork;
+			size_t sz;
+
+			sz = sizeof(*zwork) + strlen(zfile2) + 1;
+			zwork = calloc(1, sz);
+			if (zwork == NULL)
+				err(1, "calloc");
+
+			zwork->zw_conf = ent;
+			zwork->zw_fsize = sizefile(zfile2);
+			strcpy(zwork->zw_fname, zfile2);
+			do_zipwork(zwork);
+			free(zwork);
 		}
 	}