diff options
author | Rainer Gerhards <rgerhards@adiscon.com> | 2011-08-30 15:52:00 +0200 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2011-08-30 15:52:00 +0200 |
commit | 43dd1bc0e659f3ddce2f2c5138864d36a5647846 (patch) | |
tree | 3c99854d11464d86f49870902e52e67c594ce196 | |
parent | c1108d7af1ca04b2c485bd87a8cbbf044ffde6fb (diff) | |
parent | 645a8541d5bbd7cfc0dd9e9f434cce280acf7af8 (diff) | |
download | rsyslog-43dd1bc0e659f3ddce2f2c5138864d36a5647846.tar.gz rsyslog-43dd1bc0e659f3ddce2f2c5138864d36a5647846.tar.xz rsyslog-43dd1bc0e659f3ddce2f2c5138864d36a5647846.zip |
Merge branch 'v5-stable' into beta
Conflicts:
ChangeLog
-rw-r--r-- | ChangeLog | 12 | ||||
-rw-r--r-- | tools/pmrfc3164.c | 4 |
2 files changed, 9 insertions, 7 deletions
@@ -1,5 +1,6 @@ --------------------------------------------------------------------------- -Version 6.1.12 [BETA] (al), 2011-??-?? +Version 6.1.12 [BETA], 2011-09-01 +- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - bugfix: potential misadressing in property replacer - bugfix: memcpy overflow can occur in allowed sender checkig if a name is resolved to IPv4-mapped-on-IPv6 address @@ -221,7 +222,8 @@ Version 5.9.0 [V5-DEVEL] (rgerhards), 2011-03-?? affected directive was: $ActionExecOnlyWhenPreviousIsSuspended on closes: http://bugzilla.adiscon.com/show_bug.cgi?id=236 --------------------------------------------------------------------------- -Version 5.8.5 [V5-stable] (rgerhards/al), 2011-??-?? +Version 5.8.5 [V5-stable] (rgerhards/al), 2011-09-01 +- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - bugfix: potential hang condition during tag emulation - bugfix: too-early string termination during tag emulation - bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) @@ -1092,11 +1094,13 @@ Version 4.7.0 [v4-devel] (rgerhards), 2010-04-14 Thanks for varmojfekoj for pointing me at this bug. - imported changes from 4.5.6 and below --------------------------------------------------------------------------- -Version 4.6.8 [v4-stable] (rgerhards), 2011-??-?? +Version 4.6.8 [v4-stable] (rgerhards), 2011-09-01 +- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - bugfix: potential misadressing in property replacer -- bugfix: memcpy overflow can occur in allowed sender checkig +- bugfix: memcpy overflow can occur in allowed sender checking if a name is resolved to IPv4-mapped-on-IPv6 address Found by Ismail Dönmez at suse +- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) --------------------------------------------------------------------------- Version 4.6.7 [v4-stable] (rgerhards), 2011-07-11 - added support for the ":omusrmsg:" syntax in configuring user messages diff --git a/tools/pmrfc3164.c b/tools/pmrfc3164.c index d56e53f0..6d2d22b1 100644 --- a/tools/pmrfc3164.c +++ b/tools/pmrfc3164.c @@ -176,9 +176,8 @@ CODESTARTparse * in RFC3164...). We now receive the full size, but will modify the * outputs so that only 32 characters max are used by default. */ -dbgprintf("pmrfc3164:tag:in: lenMsg %d, p2parse: '%s'\n", lenMsg, p2parse); i = 0; - while(lenMsg > 0 && *p2parse != ':' && *p2parse != ' ' && i < CONF_TAG_MAXSIZE) { + while(lenMsg > 0 && *p2parse != ':' && *p2parse != ' ' && i < CONF_TAG_MAXSIZE - 2) { bufParseTAG[i++] = *p2parse++; --lenMsg; } @@ -192,7 +191,6 @@ dbgprintf("pmrfc3164:tag:in: lenMsg %d, p2parse: '%s'\n", lenMsg, p2parse); * is considered OK. So we do not need to check for empty TAG. -- rgerhards, 2009-06-23 */ bufParseTAG[i] = '\0'; /* terminate string */ -dbgprintf("pmrfc3164:tag:done: lenMsg %d, i %d, bufParseTAG: '%s'\n", lenMsg, i, bufParseTAG); MsgSetTAG(pMsg, bufParseTAG, i); } else {/* we enter this code area when the user has instructed rsyslog NOT * to parse HOSTNAME and TAG - rgerhards, 2006-03-13 |