Commit 7e5a0c28 authored Jan 15, 2024 by Arjun Shankar

syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6779)



__vsyslog_internal used the return value of snprintf/vsnprintf to
calculate buffer sizes for memory allocation.  If these functions (for
any reason) failed and returned -1, the resulting buffer would be too
small to hold output.  This commit fixes that.

All snprintf/vsnprintf calls are checked for negative return values and
the function silently returns upon encountering them.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

parent 6bd0e4ef

Show whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 2bc9d7c0
· Feb 01, 2024

mentioned in commit 2bc9d7c0

mentioned in commit 2bc9d7c002bdac38b5c2a3f11b78e309d7765b83

Toggle commit list
mirror @mirror
mentioned in commit 67062ecc
· Feb 01, 2024

mentioned in commit 67062ecc

mentioned in commit 67062eccd9a65d7fda9976a56aeaaf6c25a80214

Toggle commit list
mirror @mirror
mentioned in commit d0338312
· Feb 01, 2024

mentioned in commit d0338312

mentioned in commit d0338312aace5bbfef85e03055e1212dd0e49578

Toggle commit list

Please register or to comment