Commit 6bd0e4ef authored Jan 15, 2024 by Arjun Shankar

syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6246)



__vsyslog_internal did not handle a case where printing a SYSLOG_HEADER
containing a long program name failed to update the required buffer
size, leading to the allocation and overflow of a too-small buffer on
the heap.  This commit fixes that.  It also adds a new regression test
that uses glibc.malloc.check.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>

parent 8aeec0eb

Show whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit d1a83b67
· Feb 01, 2024

mentioned in commit d1a83b67

mentioned in commit d1a83b6767f68b3cb5b4b4ea2617254acd040c82

Toggle commit list
mirror @mirror
mentioned in commit 97a4292a
· Feb 01, 2024

mentioned in commit 97a4292a

mentioned in commit 97a4292aa4a2642e251472b878d0ec4c46a0e59a

Toggle commit list
mirror @mirror
mentioned in commit 23514c72
· Feb 01, 2024

mentioned in commit 23514c72

mentioned in commit 23514c72b780f3da097ecf33a793b7ba9c2070d2

Toggle commit list

Please register or to comment