rpms/rsyslog
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Address CVE-2022-24903, Heap-based overflow in TCP syslog server

Browse Source 
resolves: rhbz#2081403
This commit is contained in:
alakatos 2022-05-10 21:24:40 +02:00
parent 650fee9311
commit 5e71b41f76
2 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
rsyslog-8.37.0-rhbz2081396-CVE-2022-24903.patch Normal file
View File

@ -0,0 +1,30 @@
diff -up rsyslog-8.37.0/plugins/imptcp/imptcp.c.orig rsyslog-8.37.0/plugins/imptcp/imptcp.c
--- rsyslog-8.37.0/plugins/imptcp/imptcp.c.orig 2022-05-09 12:22:59.050623119 +0200
+++ rsyslog-8.37.0/plugins/imptcp/imptcp.c 2022-05-09 12:34:39.979854853 +0200
@@ -1032,7 +1032,10 @@ processDataRcvd(ptcpsess_t *const __rest
if(pThis->iOctetsRemain <= 200000000) {
pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0';
}
- *(pThis->pMsg + pThis->iMsg++) = c;
+ // *(pThis->pMsg + pThis->iMsg++) = c;
+ if(pThis->iMsg < iMaxLine) {
+ *(pThis->pMsg + pThis->iMsg++) = c;
+ }
} else { /* done with the octet count, so this must be the SP terminator */
DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain);
prop.GetString(pThis->peerName, &propPeerName, &lenPeerName);
diff -up rsyslog-8.37.0/runtime/tcps_sess.c.orig rsyslog-8.37.0/runtime/tcps_sess.c
--- rsyslog-8.37.0/runtime/tcps_sess.c.orig 2022-05-09 12:23:12.789627661 +0200
+++ rsyslog-8.37.0/runtime/tcps_sess.c 2022-05-09 12:36:51.426898549 +0200
@@ -389,7 +389,10 @@ processDataRcvd(tcps_sess_t *pThis,
if(pThis->iOctetsRemain <= 200000000) {
pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0';
}
- *(pThis->pMsg + pThis->iMsg++) = c;
+ // *(pThis->pMsg + pThis->iMsg++) = c;
+ if(pThis->iMsg < iMaxLine) {
+ *(pThis->pMsg + pThis->iMsg++) = c;
+ }
} else { /* done with the octet count, so this must be the SP terminator */
DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain);
prop.GetString(pThis->fromHost, &propPeerName, &lenPeerName);

8
rsyslog.spec
View File

@ -5,7 +5,7 @@
Summary: Enhanced system logging and kernel message trapping daemon Summary: Enhanced system logging and kernel message trapping daemon
Name: rsyslog Name: rsyslog
Version: 8.2102.0 Version: 8.2102.0
Release: 104%{?dist} Release: 105%{?dist}
License: (GPLv3+ and ASL 2.0) License: (GPLv3+ and ASL 2.0)
URL: http://www.rsyslog.com/ URL: http://www.rsyslog.com/
Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
@ -31,6 +31,7 @@ Patch9: openssl3-compatibility.patch
Patch10: rsyslog-8.2102.0-rhbz1909639-statefiles-fix.patch Patch10: rsyslog-8.2102.0-rhbz1909639-statefiles-fix.patch
Patch11: rsyslog-8.2102.0-rhbz1909639-statefiles-doc.patch Patch11: rsyslog-8.2102.0-rhbz1909639-statefiles-doc.patch
Patch12: rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch Patch12: rsyslog-8.2102.0-rhbz2046158-gnutls-broken-connection.patch
Patch13: rsyslog-8.37.0-rhbz2081396-CVE-2022-24903.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
@ -275,6 +276,7 @@ mv build doc
%patch10 -p1 -b .statefile-fix %patch10 -p1 -b .statefile-fix
%patch11 -p1 %patch11 -p1
%patch12 -p1 -b .gnutls-broken-connection %patch12 -p1 -b .gnutls-broken-connection
%patch13 -p1 -b .CVE
pushd .. pushd ..
%patch9 -p1 -b .openssl-compatibility %patch9 -p1 -b .openssl-compatibility
@ -539,6 +541,10 @@ done
%changelog %changelog
* Mon May 09 2022 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-105
- Address CVE-2022-24903, Heap-based overflow in TCP syslog server
resolves: rhbz#2081403
* Tue Apr 19 2022 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-104 * Tue Apr 19 2022 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-104
- Do not save patched doc files - Do not save patched doc files
resolves: rhbz#2069664 resolves: rhbz#2069664