Bug 2183639

Summary: podman/conmon: null bytes in logging messages can result in a buffer overread, which results in a segfault
Product: [Other] Security Response
Reporter: Michael Kaplan <mkaplan>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW ---
QA Contact:
Severity: low
Docs Contact:
Priority: low
Version: unspecified
CC: bbaude, bdettelb, caswilli, dfreiber, dwalsh, jburrell, jligon, jnovy, kaycoth, kshier, lsm5, mboddu, mheon, nweather, pehunt, pthomas, rogbas, stcannon, tsweeney, umohnani, vkumar, yguenane
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Bug Depends On: 2186704, 2186706, 2183641, 2183642, 2183643, 2183644, 2183645, 2183646, 2183647, 2183648, 2183649, 2183650, 2186700, 2186701, 2186702, 2186703, 2186705, 2186707    
Bug Blocks: 2139912    

Description Michael Kaplan 2023-03-31 22:16:43 UTC
A flaw was found in podman/conmon, where conmon doesn't take null bytes into account when it calculates msg_len, but the g_strdup_printf loop is interrupted when they occur. This can result in the messages being shorter than what msg_len takes into account. This can crash the conmon instance for the particular container.

References:

https://github.com/containers/conmon/issues/315
https://github.com/containers/conmon/pull/361
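
The length mismatch described above, as an added example that is not conmon's code and not part of the original report: snprintf with %s stands in for g_strdup_printf, and the "prefix: message" layout, the sample bytes and all function names are assumptions made for illustration. It shows how far a length computed from the raw byte count exceeds the formatted string, and a clamp that keeps a consumer inside the string.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: an 11-byte log payload with an embedded NUL byte. */
static const char SAMPLE[] = "hello\0world";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)

/* Stand-in for a g_strdup_printf("%s: %s", ...) call: %s stops at the first NUL. */
static char *format_msg(const char *prefix, const char *buf)
{
    int n = snprintf(NULL, 0, "%s: %s", prefix, buf);
    if (n < 0) return NULL;
    char *out = malloc((size_t)n + 1);
    if (out) snprintf(out, (size_t)n + 1, "%s: %s", prefix, buf);
    return out;
}

/* Hypothetical msg_len: derived from the raw byte count, so it ignores NULs. */
static size_t assumed_len(const char *prefix, size_t buf_len)
{
    return strlen(prefix) + 2 + buf_len;
}

/* Hardened length: never larger than the string that was actually built. */
static size_t safe_len(const char *msg, size_t claimed)
{
    size_t actual = strlen(msg);
    return claimed < actual ? claimed : actual;
}

/* Bytes a consumer trusting assumed_len() would read past the string's end. */
static size_t overread_bytes(const char *prefix, const char *buf, size_t buf_len)
{
    char *msg = format_msg(prefix, buf);
    if (!msg) return 0;
    size_t claimed = assumed_len(prefix, buf_len);
    size_t gap = claimed - safe_len(msg, claimed);
    free(msg);
    return gap;
}

int main(void)
{
    printf("overread: %zu bytes\n", overread_bytes("ctr", SAMPLE, SAMPLE_LEN));
    return 0;
}
```
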

Comment 1 Michael Kaplan 2023-03-31 22:34:03 UTC
Created conmon tracking bugs for this issue:

Affects: fedora-all [bug 2183643]


Created cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2183644]


Created cri-o:1.20/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2183645]


Created cri-o:1.21/cri-o tracking bugs for this issue:

Affects: epel-all [bug 2183642]
Affects: fedora-all [bug 2183646]


Created cri-o:1.22/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2183647]


Created cri-o:1.23/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2183648]


Created cri-o:1.24/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2183649]


Created cri-o:1.25/cri-o tracking bugs for this issue:

Affects: fedora-all [bug 2183650]


Created podman tracking bugs for this issue:

Affects: fedora-all [bug 2183641]