Commit d1a83b67 authored by Arjun Shankar

syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6246)



__vsyslog_internal did not handle a case where printing a SYSLOG_HEADER
containing a long program name failed to update the required buffer
size, leading to the allocation and overflow of a too-small buffer on
the heap.  This commit fixes that.  It also adds a new regression test
that uses glibc.malloc.check.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 6bd0e4ef)
parent cc5b5da1
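
A simplified model of the sizing mistake the commit message describes, added here as an example and not taken from glibc: the names `FAST_BUF`, `LONG_IDENT`, `fallback_alloc` and `format_msg` are hypothetical, and the `"<ident>: <body>"` layout is an assumed stand-in for the real header. It shows how a required-size variable that is only updated when the header fits leaves the heap fallback with a too-small allocation, next to a formatter that measures first and verifies the write.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FAST_BUF 32  /* assumed fast-path buffer size, chosen for the demo */
static const char LONG_IDENT[] =  /* constructed 40-byte program name */
    "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA";

/* Bytes the heap fallback would allocate for "<ident>: <body>", or 0 when the
   message fits the fast-path buffer.  With fixed == 0 the required size is
   recorded only if the header fit, the mistake the commit message describes. */
size_t fallback_alloc(const char *ident, const char *body, int fixed)
{
    char fast[FAST_BUF];
    size_t bufsize = 0;
    int hl = snprintf(fast, sizeof fast, "%s: ", ident);
    if (hl < 0) return 0;
    if ((size_t)hl < sizeof fast) {
        int bl = snprintf(fast + hl, sizeof fast - (size_t)hl, "%s", body);
        if (bl < 0) return 0;
        if ((size_t)bl < sizeof fast - (size_t)hl) return 0;  /* all fit */
        bufsize = (size_t)hl + (size_t)bl;
    } else if (fixed) {
        int bl = snprintf(NULL, 0, "%s", body);  /* measure only, no write */
        if (bl < 0) return 0;
        bufsize = (size_t)hl + (size_t)bl;
    }
    return bufsize + 1;  /* +1 for the terminator */
}

/* Hardened formatter: measure the whole message, allocate exactly that, and
   check that the second pass wrote what was measured.  Caller frees. */
char *format_msg(const char *ident, const char *body)
{
    int need = snprintf(NULL, 0, "%s: %s", ident, body);
    if (need < 0) return NULL;
    char *buf = malloc((size_t)need + 1);
    if (buf == NULL) return NULL;
    if (snprintf(buf, (size_t)need + 1, "%s: %s", ident, body) != need) {
        free(buf);
        return NULL;
    }
    return buf;
}

int main(void)
{
    printf("needed=%zu unfixed=%zu fixed=%zu\n", strlen(LONG_IDENT) + 2 + 5 + 1,
           fallback_alloc(LONG_IDENT, "hello", 0), fallback_alloc(LONG_IDENT, "hello", 1));
    return 0;
}
```
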