anitazha / rpms / systemd

Forked from rpms/systemd 3 years ago
Clone

Blame SOURCES/0221-syslog-fix-segfault-in-syslog_parse_priority.patch

Brian Stinson 2593d8
From 8bd791fb3a8e85063e297204bdef8004aacd22b1 Mon Sep 17 00:00:00 2001
Brian Stinson 2593d8
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Brian Stinson 2593d8
Date: Wed, 8 Aug 2018 18:27:15 +0900
Brian Stinson 2593d8
Subject: [PATCH] syslog: fix segfault in syslog_parse_priority()
Brian Stinson 2593d8
Brian Stinson 2593d8
(cherry picked from commit a5ee33b951cfa22db53d0274c9c6c0d9d4dae39d)
Brian Stinson 2593d8
Brian Stinson 2593d8
Resolves: #1761519
Brian Stinson 2593d8
---
Brian Stinson 2593d8
 src/basic/syslog-util.c           | 20 +++++++++++---------
Brian Stinson 2593d8
 src/journal/test-journal-syslog.c | 20 ++++++++++++++++++++
Brian Stinson 2593d8
 2 files changed, 31 insertions(+), 9 deletions(-)
Brian Stinson 2593d8
Brian Stinson 2593d8
diff --git a/src/basic/syslog-util.c b/src/basic/syslog-util.c
Brian Stinson 2593d8
index 21461fa581..fe129482f3 100644
Brian Stinson 2593d8
--- a/src/basic/syslog-util.c
Brian Stinson 2593d8
+++ b/src/basic/syslog-util.c
Brian Stinson 2593d8
@@ -10,7 +10,8 @@
Brian Stinson 2593d8
 
Brian Stinson 2593d8
 int syslog_parse_priority(const char **p, int *priority, bool with_facility) {
Brian Stinson 2593d8
         int a = 0, b = 0, c = 0;
Brian Stinson 2593d8
-        int k;
Brian Stinson 2593d8
+        const char *end;
Brian Stinson 2593d8
+        size_t k;
Brian Stinson 2593d8
 
Brian Stinson 2593d8
         assert(p);
Brian Stinson 2593d8
         assert(*p);
Brian Stinson 2593d8
@@ -19,21 +20,22 @@ int syslog_parse_priority(const char **p, int *priority, bool with_facility) {
Brian Stinson 2593d8
         if ((*p)[0] != '<')
Brian Stinson 2593d8
                 return 0;
Brian Stinson 2593d8
 
Brian Stinson 2593d8
-        if (!strchr(*p, '>'))
Brian Stinson 2593d8
+        end = strchr(*p, '>');
Brian Stinson 2593d8
+        if (!end)
Brian Stinson 2593d8
                 return 0;
Brian Stinson 2593d8
 
Brian Stinson 2593d8
-        if ((*p)[2] == '>') {
Brian Stinson 2593d8
+        k = end - *p;
Brian Stinson 2593d8
+        assert(k > 0);
Brian Stinson 2593d8
+
Brian Stinson 2593d8
+        if (k == 2)
Brian Stinson 2593d8
                 c = undecchar((*p)[1]);
Brian Stinson 2593d8
-                k = 3;
Brian Stinson 2593d8
-        } else if ((*p)[3] == '>') {
Brian Stinson 2593d8
+        else if (k == 3) {
Brian Stinson 2593d8
                 b = undecchar((*p)[1]);
Brian Stinson 2593d8
                 c = undecchar((*p)[2]);
Brian Stinson 2593d8
-                k = 4;
Brian Stinson 2593d8
-        } else if ((*p)[4] == '>') {
Brian Stinson 2593d8
+        } else if (k == 4) {
Brian Stinson 2593d8
                 a = undecchar((*p)[1]);
Brian Stinson 2593d8
                 b = undecchar((*p)[2]);
Brian Stinson 2593d8
                 c = undecchar((*p)[3]);
Brian Stinson 2593d8
-                k = 5;
Brian Stinson 2593d8
         } else
Brian Stinson 2593d8
                 return 0;
Brian Stinson 2593d8
 
Brian Stinson 2593d8
@@ -46,7 +48,7 @@ int syslog_parse_priority(const char **p, int *priority, bool with_facility) {
Brian Stinson 2593d8
         else
Brian Stinson 2593d8
                 *priority = (*priority & LOG_FACMASK) | c;
Brian Stinson 2593d8
 
Brian Stinson 2593d8
-        *p += k;
Brian Stinson 2593d8
+        *p += k + 1;
Brian Stinson 2593d8
         return 1;
Brian Stinson 2593d8
 }
Brian Stinson 2593d8
 
Brian Stinson 2593d8
diff --git a/src/journal/test-journal-syslog.c b/src/journal/test-journal-syslog.c
Brian Stinson 2593d8
index 7294cde032..120477cc9f 100644
Brian Stinson 2593d8
--- a/src/journal/test-journal-syslog.c
Brian Stinson 2593d8
+++ b/src/journal/test-journal-syslog.c
Brian Stinson 2593d8
@@ -4,6 +4,7 @@
Brian Stinson 2593d8
 #include "journald-syslog.h"
Brian Stinson 2593d8
 #include "macro.h"
Brian Stinson 2593d8
 #include "string-util.h"
Brian Stinson 2593d8
+#include "syslog-util.h"
Brian Stinson 2593d8
 
Brian Stinson 2593d8
 static void test_syslog_parse_identifier(const char *str,
Brian Stinson 2593d8
                                          const char *ident, const char *pid, const char *rest, int ret) {
Brian Stinson 2593d8
@@ -19,6 +20,17 @@ static void test_syslog_parse_identifier(const char *str,
Brian Stinson 2593d8
         assert_se(streq(buf, rest));
Brian Stinson 2593d8
 }
Brian Stinson 2593d8
 
Brian Stinson 2593d8
+static void test_syslog_parse_priority(const char *str, int priority, int ret) {
Brian Stinson 2593d8
+        const char *buf = str;
Brian Stinson 2593d8
+        int priority2, ret2;
Brian Stinson 2593d8
+
Brian Stinson 2593d8
+        ret2 = syslog_parse_priority(&buf, &priority2, false);
Brian Stinson 2593d8
+
Brian Stinson 2593d8
+        assert_se(ret == ret2);
Brian Stinson 2593d8
+        if (ret2 == 1)
Brian Stinson 2593d8
+                assert_se(priority == priority2);
Brian Stinson 2593d8
+}
Brian Stinson 2593d8
+
Brian Stinson 2593d8
 int main(void) {
Brian Stinson 2593d8
         test_syslog_parse_identifier("pidu[111]: xxx", "pidu", "111", "xxx", 11);
Brian Stinson 2593d8
         test_syslog_parse_identifier("pidu: xxx", "pidu", NULL, "xxx", 6);
Brian Stinson 2593d8
@@ -33,5 +45,13 @@ int main(void) {
Brian Stinson 2593d8
         test_syslog_parse_identifier("pidu: ", "pidu", NULL, "", 6);
Brian Stinson 2593d8
         test_syslog_parse_identifier("pidu : ", NULL, NULL, "pidu : ", 0);
Brian Stinson 2593d8
 
Brian Stinson 2593d8
+        test_syslog_parse_priority("<>", 0, 0);
Brian Stinson 2593d8
+        test_syslog_parse_priority("<>aaa", 0, 0);
Brian Stinson 2593d8
+        test_syslog_parse_priority("<aaaa>", 0, 0);
Brian Stinson 2593d8
+        test_syslog_parse_priority("<aaaa>aaa", 0, 0);
Brian Stinson 2593d8
+        test_syslog_parse_priority(" <aaaa>", 0, 0);
Brian Stinson 2593d8
+        test_syslog_parse_priority(" <aaaa>aaa", 0, 0);
Brian Stinson 2593d8
+        /* TODO: add test cases of valid priorities */
Brian Stinson 2593d8
+
Brian Stinson 2593d8
         return 0;
Brian Stinson 2593d8
 }