blob: 0b32766a596a268b03ab75d48e17a3b4872b23a6 [file] [log] [blame]
From 10549ba915556c557b22b3dac7e4cb73ad22d3d8 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 27 Sep 2019 13:36:02 +0200
Subject: [PATCH] pmaixforwardedfrom bugfix: potential misadressing
---
contrib/pmaixforwardedfrom/pmaixforwardedfrom.c | 9 +++++++++
1 file changed, 9 insertions(+)
Upstream-Status: Backport [https://github.com/rsyslog/rsyslog/pull/3884]
CVE: CVE-2019-17041
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
diff --git a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
index 37157c7d4..ebf12ebbe 100644
--- a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
+++ b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
@@ -109,6 +109,10 @@ CODESTARTparse
/* bump the message portion up by skipLen(23 or 5) characters to overwrite the "Message forwarded from
" or "From " with the hostname */
lenMsg -=skipLen;
+ if(lenMsg < 2) {
+ dbgprintf("not a AIX message forwarded from message has nothing after header\n");
+ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
+ }
memmove(p2parse, p2parse + skipLen, lenMsg);
*(p2parse + lenMsg) = '\n';
*(p2parse + lenMsg + 1) = '\0';
@@ -120,6 +124,11 @@ really an AIX log, but has a similar preamble */
--lenMsg;
++p2parse;
}
+ if (lenMsg < 1) {
+ dbgprintf("not a AIX message forwarded from message has nothing after colon "
+ "or no colon at all\n");
+ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
+ }
if (lenMsg && *p2parse != ':') {
DBGPRINTF("not a AIX message forwarded from mangled log but similar enough that the preamble has "
"been removed\n");
--
2.17.1