diff options
author | Rainer Gerhards <rgerhards@adiscon.com> | 2011-08-30 16:01:12 +0200 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2011-08-30 16:01:12 +0200 |
commit | a8b231875ba6990422f85bd60237c5a2f3c4e7d0 (patch) | |
tree | 247851ec5e4a91e02390d0fff3e2549f52759e20 | |
parent | e14d353e69a75290c3e4004df79f42a22bfe4cab (diff) | |
parent | 43dd1bc0e659f3ddce2f2c5138864d36a5647846 (diff) | |
download | rsyslog-a8b231875ba6990422f85bd60237c5a2f3c4e7d0.tar.gz rsyslog-a8b231875ba6990422f85bd60237c5a2f3c4e7d0.tar.xz rsyslog-a8b231875ba6990422f85bd60237c5a2f3c4e7d0.zip |
Merge branch 'beta'
Conflicts:
ChangeLog
-rw-r--r-- | ChangeLog | 15 | ||||
-rw-r--r-- | tools/pmrfc3164.c | 4 |
2 files changed, 11 insertions, 8 deletions
@@ -1,5 +1,6 @@ --------------------------------------------------------------------------- -Version 6.3.5 [DEVEL] (rgerhards/al), 2011-??-?? +Version 6.3.5 [DEVEL] (rgerhards/al), 2011-09-01 +- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - imudp&imtcp now report error if no listener at all was defined Thanks to Marcin for suggesting this error message. - bugfix: potential misadressing in property replacer @@ -48,7 +49,8 @@ Version 6.3.2 [DEVEL] (rgerhards), 2011-07-06 This leak is tied to error conditions which lead to incorrect cleanup of some data structures. --------------------------------------------------------------------------- -Version 6.1.12 [BETA] (al), 2011-??-?? +Version 6.1.12 [BETA], 2011-09-01 +- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - bugfix: potential misadressing in property replacer - bugfix: memcpy overflow can occur in allowed sender checkig if a name is resolved to IPv4-mapped-on-IPv6 address @@ -349,7 +351,8 @@ Version 5.9.0 [V5-DEVEL] (rgerhards), 2011-06-08 affected directive was: $ActionExecOnlyWhenPreviousIsSuspended on closes: http://bugzilla.adiscon.com/show_bug.cgi?id=236 --------------------------------------------------------------------------- -Version 5.8.5 [V5-stable] (rgerhards/al), 2011-??-?? +Version 5.8.5 [V5-stable] (rgerhards/al), 2011-09-01 +- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - bugfix: potential hang condition during tag emulation - bugfix: too-early string termination during tag emulation - bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) @@ -1222,11 +1225,13 @@ Version 4.7.0 [v4-devel] (rgerhards), 2010-04-14 Thanks for varmojfekoj for pointing me at this bug. - imported changes from 4.5.6 and below --------------------------------------------------------------------------- -Version 4.6.8 [v4-stable] (rgerhards), 2011-??-?? +Version 4.6.8 [v4-stable] (rgerhards), 2011-09-01 +- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - bugfix: potential misadressing in property replacer -- bugfix: memcpy overflow can occur in allowed sender checkig +- bugfix: memcpy overflow can occur in allowed sender checking if a name is resolved to IPv4-mapped-on-IPv6 address Found by Ismail Dönmez at suse +- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) --------------------------------------------------------------------------- Version 4.6.7 [v4-stable] (rgerhards), 2011-07-11 - added support for the ":omusrmsg:" syntax in configuring user messages diff --git a/tools/pmrfc3164.c b/tools/pmrfc3164.c index d56e53f0..6d2d22b1 100644 --- a/tools/pmrfc3164.c +++ b/tools/pmrfc3164.c @@ -176,9 +176,8 @@ CODESTARTparse * in RFC3164...). We now receive the full size, but will modify the * outputs so that only 32 characters max are used by default. */ -dbgprintf("pmrfc3164:tag:in: lenMsg %d, p2parse: '%s'\n", lenMsg, p2parse); i = 0; - while(lenMsg > 0 && *p2parse != ':' && *p2parse != ' ' && i < CONF_TAG_MAXSIZE) { + while(lenMsg > 0 && *p2parse != ':' && *p2parse != ' ' && i < CONF_TAG_MAXSIZE - 2) { bufParseTAG[i++] = *p2parse++; --lenMsg; } @@ -192,7 +191,6 @@ dbgprintf("pmrfc3164:tag:in: lenMsg %d, p2parse: '%s'\n", lenMsg, p2parse); * is considered OK. So we do not need to check for empty TAG. -- rgerhards, 2009-06-23 */ bufParseTAG[i] = '\0'; /* terminate string */ -dbgprintf("pmrfc3164:tag:done: lenMsg %d, i %d, bufParseTAG: '%s'\n", lenMsg, i, bufParseTAG); MsgSetTAG(pMsg, bufParseTAG, i); } else {/* we enter this code area when the user has instructed rsyslog NOT * to parse HOSTNAME and TAG - rgerhards, 2006-03-13 |