Fix invalid memory adressing in imklog that could case abort

resolves: rhbz#2157659
This commit is contained in:
alakatos 2023-01-06 12:25:10 +01:00
parent 58d101716c
commit 46c836e9d7
2 changed files with 27 additions and 1 deletions

View File

@ -0,0 +1,20 @@
diff --git a/plugins/imklog/imklog.c b/plugins/imklog/imklog.c
index 6c24b5a2db..78cfc3bae2 100644
--- a/plugins/imklog/imklog.c
+++ b/plugins/imklog/imklog.c
@@ -453,6 +453,7 @@ ENDactivateCnf
BEGINfreeCnf
CODESTARTfreeCnf
+ free(pModConf->pszBindRuleset);
ENDfreeCnf
@@ -475,7 +476,6 @@ CODESTARTmodExit
if(pInputName != NULL)
prop.Destruct(&pInputName);
- free(runModConf->pszBindRuleset);
/* release objects we used */
objRelease(glbl, CORE_COMPONENT);
objRelease(net, CORE_COMPONENT);

View File

@ -5,7 +5,7 @@
Summary: Enhanced system logging and kernel message trapping daemon
Name: rsyslog
Version: 8.2102.0
Release: 107%{?dist}
Release: 108%{?dist}
License: (GPLv3+ and ASL 2.0)
URL: http://www.rsyslog.com/
Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
@ -35,6 +35,7 @@ Patch13: rsyslog-8.37.0-rhbz2081396-CVE-2022-24903.patch
Patch14: rsyslog-8.2102.0-rhbz2124849-extra-ca-files.patch
Patch15: rsyslog-8.2102.0-rhbz2124849-extra-ca-files-doc.patch
Patch16: rsyslog-8.2102.0-rhbz2127404-libcap-ng.patch
Patch17: rsyslog-8.2102.0-rhbz2157658-imklog.patch
BuildRequires: make
BuildRequires: gcc
@ -284,6 +285,7 @@ mv build doc
%patch14 -p1 -b .extra-ca-files
%patch15 -p1 -b .extra-ca-files-doc
%patch16 -p1 -b .libcap-ng
%patch17 -p1 -b .imklog-leak
pushd ..
%patch9 -p1 -b .openssl-compatibility
@ -549,6 +551,10 @@ done
%changelog
* Fri Jan 06 2023 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-108
- Fix invalid memory adressing in imklog that could case abort
resolves: rhbz#2157659
* Mon Nov 21 2022 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-107
- Drop capabilities to only the neccessary set with libcap-ng
resolves: rhbz#2127404