rpms/libqb
5
0
Fork 0
Code Issues Pull Requests Releases Activity

blackbox: fix buffer overflow with long log lines

Browse Source 
Resolves: rhbz#2236171
This commit is contained in:
Christine Caulfield 2023-09-01 09:05:20 +01:00
parent a311ad354f
commit e95cb110c4
2 changed files with 58 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
bz2236171-fix-bb-overflow.patch Normal file
View File

@ -0,0 +1,51 @@
commit 1bbaa929b77113532785c408dd1b41cd0521ffc8
Author: Chrissie Caulfield <ccaulfie@redhat.com>
Date: Thu Jul 20 07:19:01 2023 +0100
log: fix potential overflow with long log messages (#490)
qb_vsnprintf_serialize was called with 'max_size' as the
limiting number for the length of the formatted log
message. But the buffer also needs to contain the
log header (given by 'actual_size'), so we now pass
't->max_line_length' as the maximum length of the
formatted log message to limit space to the actual
bytes left
Also added error checks to the blackbox calls at
the end of the test, as these now provide a proper
test that the BB is functioning. Before they were
masking failures.
diff --git a/lib/log_blackbox.c b/lib/log_blackbox.c
index 3e30504..8519a48 100644
--- a/lib/log_blackbox.c
+++ b/lib/log_blackbox.c
@@ -110,8 +110,8 @@ _blackbox_vlogger(int32_t target,
chunk += sizeof(uint32_t);
/* log message */
- msg_len = qb_vsnprintf_serialize(chunk, max_size, cs->format, ap);
- if (msg_len >= max_size) {
+ msg_len = qb_vsnprintf_serialize(chunk, t->max_line_length, cs->format, ap);
+ if (msg_len >= t->max_line_length) {
chunk = msg_len_pt + sizeof(uint32_t); /* Reset */
/* Leave this at QB_LOG_MAX_LEN so as not to overflow the blackbox */
diff --git a/tests/check_log.c b/tests/check_log.c
index 039a4bb..e5abf40 100644
--- a/tests/check_log.c
+++ b/tests/check_log.c
@@ -832,8 +832,10 @@ START_TEST(test_log_long_msg)
qb_log(LOG_INFO, "Message %d %d - %s", lpc, lpc%600, buffer);
}
- qb_log_blackbox_write_to_file("blackbox.dump");
- qb_log_blackbox_print_from_file("blackbox.dump");
+ rc = qb_log_blackbox_write_to_file("blackbox.dump");
+ ck_assert_int_gt(rc, 0);
+ rc = qb_log_blackbox_print_from_file("blackbox.dump");
+ ck_assert_int_le(rc, 0);
unlink("blackbox.dump");
qb_log_fini();
}

10
libqb.spec
View File

@ -3,7 +3,7 @@
Name: libqb Name: libqb
Version: 2.0.6 Version: 2.0.6
Release: 2%{?dist} Release: 3%{?dist}
Summary: Library providing high performance logging, tracing, ipc, and poll Summary: Library providing high performance logging, tracing, ipc, and poll
License: LGPLv2+ License: LGPLv2+
@ -11,6 +11,7 @@ URL: https://github.com/ClusterLabs/libqb
Source0: https://github.com/ClusterLabs/libqb/releases/download/v%{version}/%{name}-%{version}.tar.xz Source0: https://github.com/ClusterLabs/libqb/releases/download/v%{version}/%{name}-%{version}.tar.xz
Patch0: bz2149647-connretry-recv.patch Patch0: bz2149647-connretry-recv.patch
Patch1: bz2236171-fix-bb-overflow.patch
BuildRequires: autoconf automake libtool BuildRequires: autoconf automake libtool
BuildRequires: check-devel BuildRequires: check-devel
@ -31,8 +32,7 @@ architecture, such as logging, tracing, inter-process communication (IPC),
and polling. and polling.
%prep %prep
%setup -q -n %{name}-%{version} %autosetup -p1
%patch0 -p1 -b .bz2149647-connretry-recv.patch
%build %build
./autogen.sh ./autogen.sh
@ -105,6 +105,10 @@ This package contains a program to create nicely-formatted man pages from Doxyge
%changelog %changelog
* Fri Sep 1 2023 Christine Caulfield <ccaulfie@redhat.com> 2.0.6-3
- blackbox: fix buffer overflow with long log lines
Resolves: rhbz#2236171
* Thu Dec 1 2022 Christine Caulfield <ccaulfie@redhat.com> 2.0.6-1 * Thu Dec 1 2022 Christine Caulfield <ccaulfie@redhat.com> 2.0.6-1
- ipc: Retry receiving credentials if the the message is short - ipc: Retry receiving credentials if the the message is short
Resolves: rhbz2149647 Resolves: rhbz2149647