1berry/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BUG/MINOR: log: fix parse_log_message rfc5424 size check

Browse Source 
In parse_log_message(), if log is rfc5424 compliant, p pointer
is incremented and size is not. However size is still used in further
checks as if p pointer was not incremented.

This could lead to logic error or buffer overflow if input buf is not
null-terminated.

Fixing this by making sure size is up to date where it is needed.

It could be backported up to 2.4.
This commit is contained in:
Aurelien DARRAGON 2022-11-22 11:17:11 +01:00 committed by Christopher Faulet
parent 9dce88ba2c
commit ab9efc25f0
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/log.c
View File

@ -3234,6 +3234,7 @@ void parse_log_message(char *buf, size_t buflen, int *level, int *facility,
*/ */
p += 2; p += 2;
*size -= 2;
/* timestamp is NILVALUE '-' */ /* timestamp is NILVALUE '-' */
if (*size > 2 && (p[0] == '-') && p[1] == ' ') { if (*size > 2 && (p[0] == '-') && p[1] == ' ') {
metadata[LOG_META_TIME] = ist2(p, 1); metadata[LOG_META_TIME] = ist2(p, 1);