From ab9efc25f07b9870c827e2da05fe23a084a8b8f4 Mon Sep 17 00:00:00 2001
From: Aurelien DARRAGON
Date: Tue, 22 Nov 2022 11:17:11 +0100
Subject: [PATCH] BUG/MINOR: log: fix parse_log_message rfc5424 size check

In parse_log_message(), if log is rfc5424 compliant, p pointer is incremented and size is not. However size is still used in further checks as if p pointer was not incremented. This could lead to logic error or buffer overflow if input buf is not null-terminated. Fixing this by making sure size is up to date where it is needed. It could be backported up to 2.4.
---
 src/log.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/log.c b/src/log.c
index 1fdcd8159..cf140cdd9 100644
--- a/src/log.c
+++ b/src/log.c
@@ -3234,6 +3234,7 @@ void parse_log_message(char *buf, size_t buflen, int *level, int *facility,
 */
 p += 2;
+ *size -= 2;
 /* timestamp is NILVALUE '-' */
 if (*size > 2 && (p[0] == '-') && p[1] == ' ') {
 metadata[LOG_META_TIME] = ist2(p, 1);
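Review bot: The added `*size -= 2;` after `p += 2;` is an unguarded subtraction, and no comment states the invariant it restores, namely that `*size` counts the bytes remaining at `p`. I would add a comment such as `/* keep *size in step with p: it is the number of bytes left at p */`. Also confirm that the condition guarding this branch, which is outside the hunk, guarantees `*size >= 2`, because the subtraction would wrap if `*size` is an unsigned type. The same rule has to hold for every later advance of `p` in parse_log_message(). A later step that moves `p` without adjusting `*size`, or a bound check still written relative to the start of the buffer, would presumably bring back the over-read the commit message describes. Those lines are not visible here, since the function body starts and ends outside the hunk, so this needs checking against the full function.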