rpms/rsyslog
5
0
Fork 0
Code Issues Pull Requests Releases Activity

rebase to 8.2204.0

Browse Source 
resolves: rhbz#1951970
  CVE-2022-24903 rsyslog: Heap-based overflow in TCP syslog server
  resolves: rhbz#2082302
This commit is contained in:
alakatos 2022-05-09 08:31:33 +02:00
parent 43871ce157
commit 81c2ffa0f1
2 changed files with 55 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
rsyslog-8.2204.0-rhbz2082302-CVE-heap-based-buffer-overflow.patch Normal file
View File

@ -0,0 +1,45 @@
diff --git a/contrib/imhttp/imhttp.c b/contrib/imhttp/imhttp.c
index f09260b586..95704af985 100644
--- a/contrib/imhttp/imhttp.c
+++ b/contrib/imhttp/imhttp.c
@@ -487,7 +487,9 @@ processOctetMsgLen(const instanceConf_t *const inst, struct conn_wrkr_s *connWrk
connWrkr->parseState.iOctetsRemain = connWrkr->parseState.iOctetsRemain * 10 + ch - '0';
}
// temporarily save this character into the message buffer
- connWrkr->pMsg[connWrkr->iMsg++] = ch;
+ if(connWrkr->iMsg + 1 < s_iMaxLine) {
+ connWrkr->pMsg[connWrkr->iMsg++] = ch;
+ }
} else {
const char *remoteAddr = "";
if (connWrkr->propRemoteAddr) {
diff --git a/plugins/imptcp/imptcp.c b/plugins/imptcp/imptcp.c
index 2df46a236c..c32dec5851 100644
--- a/plugins/imptcp/imptcp.c
+++ b/plugins/imptcp/imptcp.c
@@ -1107,7 +1107,9 @@ processDataRcvd(ptcpsess_t *const __restrict__ pThis,
if(pThis->iOctetsRemain <= 200000000) {
pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0';
}
- *(pThis->pMsg + pThis->iMsg++) = c;
+ if(pThis->iMsg < iMaxLine) {
+ *(pThis->pMsg + pThis->iMsg++) = c;
+ }
} else { /* done with the octet count, so this must be the SP terminator */
DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain);
prop.GetString(pThis->peerName, &propPeerName, &lenPeerName);
diff --git a/runtime/tcps_sess.c b/runtime/tcps_sess.c
index 0efa2c23c4..c5442f7638 100644
--- a/runtime/tcps_sess.c
+++ b/runtime/tcps_sess.c
@@ -390,7 +390,9 @@ processDataRcvd(tcps_sess_t *pThis,
if(pThis->iOctetsRemain <= 200000000) {
pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0';
}
- *(pThis->pMsg + pThis->iMsg++) = c;
+ if(pThis->iMsg < iMaxLine) {
+ *(pThis->pMsg + pThis->iMsg++) = c;
+ }
} else { /* done with the octet count, so this must be the SP terminator */
DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain);
prop.GetString(pThis->fromHost, &propPeerName, &lenPeerName);

12
rsyslog.spec
View File

@ -7,8 +7,8 @@
Summary: Enhanced system logging and kernel message trapping daemon Summary: Enhanced system logging and kernel message trapping daemon
Name: rsyslog Name: rsyslog
Version: 8.2102.0 Version: 8.2204.0
Release: 10%{?dist} Release: 1%{?dist}
License: (GPLv3+ and ASL 2.0) License: (GPLv3+ and ASL 2.0)
URL: http://www.rsyslog.com/ URL: http://www.rsyslog.com/
Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
@ -22,6 +22,7 @@ Source5: rsyslog.service
Source6: qpid-proton-0.34.0.tar.gz Source6: qpid-proton-0.34.0.tar.gz
Patch0: openssl3-compatibility.patch Patch0: openssl3-compatibility.patch
Patch1: rsyslog-8.2204.0-rhbz2082302-CVE-heap-based-buffer-overflow.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
@ -299,6 +300,7 @@ pushd ..
%patch0 -p1 -b .openssl-compatibility %patch0 -p1 -b .openssl-compatibility
popd popd
%patch1 -p1 -b .CVE-buffer-overflow
%build %build
%ifarch sparc64 %ifarch sparc64
@ -584,6 +586,12 @@ done
%changelog %changelog
* Mon May 09 2022 Attila Lakatos <alakatos@redhat.com> - 8.2204.0
- rebase to 8.2204.0
resolves: rhbz#1951970
- CVE-2022-24903 rsyslog: Heap-based overflow in TCP syslog server
resolves: rhbz#2082302
* Mon Jan 24 2022 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-10 * Mon Jan 24 2022 Attila Lakatos <alakatos@redhat.com> - 8.2102.0-10
- Rebuild package with bundled qpid-proton - Rebuild package with bundled qpid-proton
resolves: rhbz#2042940 resolves: rhbz#2042940