diff options
-rw-r--r-- | ChangeLog | 13 | ||||
-rw-r--r-- | runtime/msg.c | 16 | ||||
-rw-r--r-- | runtime/net.c | 2 |
3 files changed, 23 insertions, 8 deletions
@@ -1,4 +1,10 @@ --------------------------------------------------------------------------- +Version 5.8.4 [V5-stable] (al), 2011-??-?? +- bugfix: potential misadressing in property replacer +- bugfix: memcpy overflow can occur in allowed sender checkig + if a name is resolved to IPv4-mapped-on-IPv6 address + Found by Ismail Dönmez at suse +--------------------------------------------------------------------------- Version 5.8.3 [V5-stable] (rgerhards), 2011-07-11 - systemd support: set stdout/stderr to null - thx to Lennart for the patch - added support for the ":omusrmsg:" syntax in configuring user messages @@ -852,6 +858,12 @@ Version 4.7.0 [v4-devel] (rgerhards), 2010-04-14 Thanks for varmojfekoj for pointing me at this bug. - imported changes from 4.5.6 and below --------------------------------------------------------------------------- +Version 4.6.8 [v4-stable] (rgerhards), 2011-??-?? +- bugfix: potential misadressing in property replacer +- bugfix: memcpy overflow can occur in allowed sender checkig + if a name is resolved to IPv4-mapped-on-IPv6 address + Found by Ismail Dönmez at suse +--------------------------------------------------------------------------- Version 4.6.7 [v4-stable] (rgerhards), 2011-07-11 - added support for the ":omusrmsg:" syntax in configuring user messages - added support for the ":omfile:" syntax in configuring user messages @@ -1557,6 +1569,7 @@ Version 3.22.4 [v3-stable] (rgerhards), 2010-??-?? offset closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271 - improved some code based on clang static analyzer results +- bugfix: potential misadressing in property replacer --------------------------------------------------------------------------- Version 3.22.3 [v3-stable] (rgerhards), 2010-11-24 - bugfix(important): problem in TLS handling could cause rsyslog to loop diff --git a/runtime/msg.c b/runtime/msg.c index 36c958ec..cc7b463d 100644 --- a/runtime/msg.c +++ b/runtime/msg.c @@ -2875,6 +2875,7 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, } } +dbgprintf("prop repl 4, pRes='%s', len %d\n", pRes, bufLen); /* Take care of spurious characters to make the property safe * for a path definition */ @@ -2952,7 +2953,13 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, } /* check for "." and ".." (note the parenthesis in the if condition!) */ - if((*pRes == '.') && (*(pRes + 1) == '\0' || (*(pRes + 1) == '.' && *(pRes + 2) == '\0'))) { + if(*pRes == '\0') { + if(*pbMustBeFreed == 1) + free(pRes); + pRes = UCHAR_CONSTANT("_"); + bufLen = 1; + *pbMustBeFreed = 0; + } else if((*pRes == '.') && (*(pRes + 1) == '\0' || (*(pRes + 1) == '.' && *(pRes + 2) == '\0'))) { uchar *pTmp = pRes; if(*(pRes + 1) == '\0') @@ -2962,12 +2969,6 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, if(*pbMustBeFreed == 1) free(pTmp); *pbMustBeFreed = 0; - } else if(*pRes == '\0') { - if(*pbMustBeFreed == 1) - free(pRes); - pRes = UCHAR_CONSTANT("_"); - bufLen = 1; - *pbMustBeFreed = 0; } } @@ -3039,6 +3040,7 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, bufLen = ustrlen(pRes); *pPropLen = bufLen; +dbgprintf("end prop repl, pRes='%s', len %d\n", pRes, bufLen); ENDfunc return(pRes); } diff --git a/runtime/net.c b/runtime/net.c index 789790f6..4781739f 100644 --- a/runtime/net.c +++ b/runtime/net.c @@ -722,7 +722,7 @@ static rsRetVal AddAllowedSender(struct AllowedSenders **ppRoot, struct AllowedS SIN(allowIP.addr.NetAddr)->sin_port = 0; memcpy(&(SIN(allowIP.addr.NetAddr)->sin_addr.s_addr), &(SIN6(res->ai_addr)->sin6_addr.s6_addr32[3]), - sizeof (struct sockaddr_in)); + sizeof (in_addr_t)); if((iRet = AddAllowedSenderEntry(ppRoot, ppLast, &allowIP, iSignificantBits)) |