packages/libqb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
libqb/CVE-2023-39976.patch
liningjie 9aa01f95bc fix CVE-2023-39976
2023-08-14 22:53:11 +08:00

58 lines
2.0 KiB
Diff
Raw Blame History

From 1bbaa929b77113532785c408dd1b41cd0521ffc8 Mon Sep 17 00:00:00 2001
From: Chrissie Caulfield <ccaulfie@redhat.com>
Date: Thu, 20 Jul 2023 07:19:01 +0100
Subject: [PATCH] log: fix potential overflow with long log messages (#490)
qb_vsnprintf_serialize was called with 'max_size' as the
limiting number for the length of the formatted log
message. But the buffer also needs to contain the
log header (given by 'actual_size'), so we now pass
't->max_line_length' as the maximum length of the
formatted log message to limit space to the actual
bytes left
Also added error checks to the blackbox calls at
the end of the test, as these now provide a proper
test that the BB is functioning. Before they were
masking failures.
---
lib/log_blackbox.c | 4 ++--
tests/check_log.c | 6 ++++--
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/lib/log_blackbox.c b/lib/log_blackbox.c
index 3e30504..8519a48 100644
--- a/lib/log_blackbox.c
+++ b/lib/log_blackbox.c
@@ -110,8 +110,8 @@ _blackbox_vlogger(int32_t target,
chunk += sizeof(uint32_t);
/* log message */
- msg_len = qb_vsnprintf_serialize(chunk, max_size, cs->format, ap);
- if (msg_len >= max_size) {
+ msg_len = qb_vsnprintf_serialize(chunk, t->max_line_length, cs->format, ap);
+ if (msg_len >= t->max_line_length) {
chunk = msg_len_pt + sizeof(uint32_t); /* Reset */
/* Leave this at QB_LOG_MAX_LEN so as not to overflow the blackbox */
diff --git a/tests/check_log.c b/tests/check_log.c
index 039a4bb..e5abf40 100644
--- a/tests/check_log.c
+++ b/tests/check_log.c
@@ -832,8 +832,10 @@ START_TEST(test_log_long_msg)
qb_log(LOG_INFO, "Message %d %d - %s", lpc, lpc%600, buffer);
}
- qb_log_blackbox_write_to_file("blackbox.dump");
- qb_log_blackbox_print_from_file("blackbox.dump");
+ rc = qb_log_blackbox_write_to_file("blackbox.dump");
+ ck_assert_int_gt(rc, 0);
+ rc = qb_log_blackbox_print_from_file("blackbox.dump");
+ ck_assert_int_le(rc, 0);
unlink("blackbox.dump");
qb_log_fini();
}
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink