Attachment 938143 Details for Bug 1142373 – rsyslog CVE-2014-3634 fix for v3.22.4

[patch] rsyslog CVE-2014-3634 fix for v3.22.4

prifix.v3.22.4 (text/plain), 1.40 KB, created by Vincent Danen on 2014-09-16 16:30:18 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Vincent Danen

Created: 2014-09-16 16:30:18 UTC

Size: 1.40 KB

patch

obsolete

>diff --git a/ChangeLog b/ChangeLog
>index cc71814..f55a2e8 100644
>--- a/ChangeLog
>+++ b/ChangeLog
>@@ -8,6 +8,8 @@ Version 3.22.4 [v3-stable] (rgerhards), 2010-??-??
>   closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271
> - improved some code based on clang static analyzer results
> - bugfix: potential misadressing in property replacer
>+- bugfix: improper handling of invalid PRI values
>+  references: CVE-2014-3634
> ---------------------------------------------------------------------------
> Version 3.22.3 [v3-stable] (rgerhards), 2010-11-24
> - bugfix(important): problem in TLS handling could cause rsyslog to loop
>diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h
>index 9ce5821..70b48fb 100644
>--- a/runtime/rsyslog.h
>+++ b/runtime/rsyslog.h
>@@ -3,7 +3,7 @@
>  *
>  * Begun 2005-09-15 RGerhards
>  *
>- * Copyright (C) 2005-2008 by Rainer Gerhards and Adiscon GmbH
>+ * Copyright (C) 2005-2014 by Rainer Gerhards and Adiscon GmbH
>  *
>  * This file is part of the rsyslog runtime library.
>  *
>@@ -53,9 +53,15 @@
> #ifndef LOG_PRI
> #	define	LOG_PRI(p)	((p) & LOG_PRIMASK)
> #endif
>-#ifndef LOG_FAC
>-#	define	LOG_FAC(p)	(((p) & LOG_FACMASK) >> 3)
>-#endif
>+#undef LOG_FAC
>+/* we need to use a function to avoid side-effects. This MUST guard
>+ * against invalid facility values. rgerhards, 2014-09-16
>+ */
>+static inline int LOG_FAC(int pri)
>+{
>+	int fac = pri >> 3;
>+	return (fac > 23) ? 23 : fac;
>+}
> 
> 
> /* define some base data types */

Actions: View | Diff

Attachments on bug 1142373: 938140 | 938141 | 938142 | 938143 | 938229 | 943495 | 943496 | 943575 | 943701 | 943702