diff options
| author | Rainer Gerhards <rgerhards@adiscon.com> | 2011-08-30 15:35:02 +0200 |
|---|---|---|
| committer | Rainer Gerhards <rgerhards@adiscon.com> | 2011-08-30 15:35:02 +0200 |
| commit | 645a8541d5bbd7cfc0dd9e9f434cce280acf7af8 (patch) | |
| tree | b388099c17ffba05be37e8cc679aec315fc64cbb | |
| parent | 154747929f87010b444af2d552f980daafe451e6 (diff) | |
| parent | d654e51e2c54e6042a73ee6c95062c916161cdbe (diff) | |
| download | rsyslog-645a8541d5bbd7cfc0dd9e9f434cce280acf7af8.tar.gz rsyslog-645a8541d5bbd7cfc0dd9e9f434cce280acf7af8.tar.xz rsyslog-645a8541d5bbd7cfc0dd9e9f434cce280acf7af8.zip | |
Merge branch 'v4-stable' into v5-stable
Conflicts:
ChangeLog
tools/syslogd.c
| -rw-r--r-- | ChangeLog | 9 | ||||
| -rw-r--r-- | tools/pmrfc3164.c | 4 |
2 files changed, 7 insertions, 6 deletions
@@ -1,5 +1,6 @@ --------------------------------------------------------------------------- -Version 5.8.5 [V5-stable] (rgerhards/al), 2011-??-?? +Version 5.8.5 [V5-stable] (rgerhards/al), 2011-09-01 +- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - bugfix: potential hang condition during tag emulation - bugfix: too-early string termination during tag emulation - bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) @@ -869,11 +870,13 @@ Version 4.7.0 [v4-devel] (rgerhards), 2010-04-14 Thanks for varmojfekoj for pointing me at this bug. - imported changes from 4.5.6 and below --------------------------------------------------------------------------- -Version 4.6.8 [v4-stable] (rgerhards), 2011-??-?? +Version 4.6.8 [v4-stable] (rgerhards), 2011-09-01 +- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - bugfix: potential misadressing in property replacer -- bugfix: memcpy overflow can occur in allowed sender checkig +- bugfix: memcpy overflow can occur in allowed sender checking if a name is resolved to IPv4-mapped-on-IPv6 address Found by Ismail Dönmez at suse +- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) --------------------------------------------------------------------------- Version 4.6.7 [v4-stable] (rgerhards), 2011-07-11 - added support for the ":omusrmsg:" syntax in configuring user messages diff --git a/tools/pmrfc3164.c b/tools/pmrfc3164.c index d56e53f0..6d2d22b1 100644 --- a/tools/pmrfc3164.c +++ b/tools/pmrfc3164.c @@ -176,9 +176,8 @@ CODESTARTparse * in RFC3164...). We now receive the full size, but will modify the * outputs so that only 32 characters max are used by default. */ -dbgprintf("pmrfc3164:tag:in: lenMsg %d, p2parse: '%s'\n", lenMsg, p2parse); i = 0; - while(lenMsg > 0 && *p2parse != ':' && *p2parse != ' ' && i < CONF_TAG_MAXSIZE) { + while(lenMsg > 0 && *p2parse != ':' && *p2parse != ' ' && i < CONF_TAG_MAXSIZE - 2) { bufParseTAG[i++] = *p2parse++; --lenMsg; } @@ -192,7 +191,6 @@ dbgprintf("pmrfc3164:tag:in: lenMsg %d, p2parse: '%s'\n", lenMsg, p2parse); * is considered OK. So we do not need to check for empty TAG. -- rgerhards, 2009-06-23 */ bufParseTAG[i] = '\0'; /* terminate string */ -dbgprintf("pmrfc3164:tag:done: lenMsg %d, i %d, bufParseTAG: '%s'\n", lenMsg, i, bufParseTAG); MsgSetTAG(pMsg, bufParseTAG, i); } else {/* we enter this code area when the user has instructed rsyslog NOT * to parse HOSTNAME and TAG - rgerhards, 2006-03-13 |