| From 10549ba915556c557b22b3dac7e4cb73ad22d3d8 Mon Sep 17 00:00:00 2001 |
| From: Rainer Gerhards <rgerhards@adiscon.com> |
| Date: Fri, 27 Sep 2019 13:36:02 +0200 |
| Subject: [PATCH] pmaixforwardedfrom bugfix: potential misadressing |
| |
| --- |
| contrib/pmaixforwardedfrom/pmaixforwardedfrom.c | 9 +++++++++ |
| 1 file changed, 9 insertions(+) |
| |
| Upstream-Status: Backport [https://github.com/rsyslog/rsyslog/pull/3884] |
| CVE: CVE-2019-17041 |
| Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> |
| |
| diff --git a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c |
| index 37157c7d4..ebf12ebbe 100644 |
| --- a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c |
| +++ b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c |
| @@ -109,6 +109,10 @@ CODESTARTparse |
| /* bump the message portion up by skipLen(23 or 5) characters to overwrite the "Message forwarded from |
| " or "From " with the hostname */ |
| lenMsg -=skipLen; |
| + if(lenMsg < 2) { |
| + dbgprintf("not a AIX message forwarded from message has nothing after header\n"); |
| + ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE); |
| + } |
| memmove(p2parse, p2parse + skipLen, lenMsg); |
| *(p2parse + lenMsg) = '\n'; |
| *(p2parse + lenMsg + 1) = '\0'; |
| @@ -120,6 +124,11 @@ really an AIX log, but has a similar preamble */ |
| --lenMsg; |
| ++p2parse; |
| } |
| + if (lenMsg < 1) { |
| + dbgprintf("not a AIX message forwarded from message has nothing after colon " |
| + "or no colon at all\n"); |
| + ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE); |
| + } |
| if (lenMsg && *p2parse != ':') { |
| DBGPRINTF("not a AIX message forwarded from mangled log but similar enough that the preamble has " |
| "been removed\n"); |
| -- |
| 2.17.1 |
| |