syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6246)
__vsyslog_internal did not handle a case where printing a SYSLOG_HEADER containing a long program name failed to update the required buffer size, leading to the allocation and overflow of a too-small buffer on the heap. This commit fixes that. It also adds a new regression test that uses glibc.malloc.check. Reviewed-by:Adhemerval Zanella <adhemerval.zanella@linaro.org> Reviewed-by:
Carlos O'Donell <carlos@redhat.com> Tested-by:
Carlos O'Donell <carlos@redhat.com> (cherry picked from commit 6bd0e4ef)
Loading
Please register or sign in to comment