| From b0894088b680666035a3418326e13bc99d4fed49 Mon Sep 17 00:00:00 2001 |
| From: Philippe Duveau <pduveau@users.noreply.github.com> |
| Date: Tue, 24 Sep 2019 20:45:25 +0200 |
| Subject: [PATCH] Out of bounds issue |
| |
| Add a new sanity check after determining the level len. |
| --- |
| contrib/pmdb2diag/pmdb2diag.c | 4 ++++ |
| 1 file changed, 4 insertions(+) |
| |
| Upstream-Status: Backport [https://github.com/rsyslog/rsyslog/commit/b0894088b6] |
| CVE: CVE-2019-17040 |
| Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> |
| diff --git a/contrib/pmdb2diag/pmdb2diag.c b/contrib/pmdb2diag/pmdb2diag.c |
| index 2b5916301..5810eb4df 100644 |
| --- a/contrib/pmdb2diag/pmdb2diag.c |
| +++ b/contrib/pmdb2diag/pmdb2diag.c |
| @@ -134,6 +134,10 @@ CODESTARTparse2 |
| ABORT_FINALIZE(0); |
| } |
| |
| + /* let recheck with the real level len */ |
| + if(pMsg->iLenRawMsg - (int)pMsg->offAfterPRI < pInst->levelpos+lvl_len) |
| + ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE); |
| + |
| DBGPRINTF("db2parse Level %d\n", pMsg->iSeverity); |
| |
| end = (char*)pMsg->pszRawMsg + pMsg->iLenRawMsg ; |
| -- |
| 2.17.1 |
| |