From 6aeec7bf83135224400362598f0cc7ebef655195 Mon Sep 17 00:00:00 2001 From: David Buckley Date: Tue, 12 Apr 2022 17:38:49 +0100 Subject: [PATCH] Fix non-null-terminated-string used with strlen The `failedmsg_entry` expects a null-terminated string in `key`, but here we allocate with malloc and copy a string-with-length-n into only the first n bytes. If the final byte is null, this is by coincidence only. We've observed this by means of seeing random binary data appended to keys submitted to kafka apparently at random, and this looks like a smoking gun. Conflict:NA Reference:https://github.com/rsyslog/rsyslog/commit/2c8c9db065cef3b5086c90c3782ac48da40c8b2f --- plugins/omkafka/omkafka.c | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/omkafka/omkafka.c b/plugins/omkafka/omkafka.c index 850dfc0..e6cb2ea 100644 --- a/plugins/omkafka/omkafka.c +++ b/plugins/omkafka/omkafka.c @@ -350,6 +350,7 @@ const size_t msglen, const char *const topicname) return NULL; } memcpy(etry->key, key, keylen); + etry->key[keylen] = '\0'; } else { etry->key=NULL; } -- 2.33.0