Commit 7e5a0c28 authored by Arjun Shankar

syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6779)



__vsyslog_internal used the return value of snprintf/vsnprintf to
calculate buffer sizes for memory allocation.  If these functions (for
any reason) failed and returned -1, the resulting buffer would be too
small to hold output.  This commit fixes that.

All snprintf/vsnprintf calls are checked for negative return values and
the function silently returns upon encountering them.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
parent 6bd0e4ef
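
A simplified illustration of the pattern the commit message describes, added here as an example and not taken from the glibc source: a buffer size derived from snprintf/vsnprintf return values, with and without the negative-return check. The names `unchecked_total`, `checked_total` and `format_record` are hypothetical, and the `"<tag>: <message>"` layout is an assumption made for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked pattern (hypothetical helper): a -1 error shrinks the size. */
size_t unchecked_total(int hdr_len, int msg_len)
{
    return (size_t)(hdr_len + msg_len + 1);
}

/* Checked pattern (hypothetical helper): -1 on error, else 0 and *out set. */
int checked_total(int hdr_len, int msg_len, size_t *out)
{
    if (hdr_len < 0 || msg_len < 0)
        return -1;
    *out = (size_t)hdr_len + (size_t)msg_len + 1;  /* header + message + NUL */
    return 0;
}

/* Build "<tag>: <message>" on the heap. Returns NULL, writing nothing, if
   any formatting call or the allocation fails. Caller frees the result. */
char *format_record(const char *tag, const char *fmt, ...)
{
    va_list ap, ap2;
    size_t total = 0;
    char *buf = NULL;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int hdr_len = snprintf(NULL, 0, "%s: ", tag);   /* measuring pass */
    int msg_len = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (checked_total(hdr_len, msg_len, &total) == 0 && (buf = malloc(total))) {
        int n = snprintf(buf, total, "%s: ", tag);  /* writing pass */
        if (n < 0 || vsnprintf(buf + n, total - (size_t)n, fmt, ap2) < 0) {
            free(buf);
            buf = NULL;
        }
    }
    va_end(ap2);
    return buf;
}

int main(void)
{
    char *r = format_record("app", "pid=%d", 42);   /* constructed input */
    if (r) puts(r);
    free(r);
}
```

With a 16-byte header and a failed message format, `unchecked_total(16, -1)` yields 16, which is one byte short of the header plus its terminating NUL; `checked_total` reports the error instead.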