valeriyvdovin / rpms / systemd

Forked from rpms/systemd 4 years ago
Clone

Blame SOURCES/0391-Fix-miscalculated-buffer-size-and-uses-of-size-unlim.patch

803fb7
From 573e86d7e9f0038044d5cba2a1a543e24b063a79 Mon Sep 17 00:00:00 2001
803fb7
From: Aleksander Adamowski <olo@fb.com>
803fb7
Date: Mon, 11 Jan 2016 15:26:41 -0800
803fb7
Subject: [PATCH] Fix miscalculated buffer size and uses of size-unlimited
803fb7
 sprintf() function.
803fb7
803fb7
Not sure if this results in an exploitable buffer overflow, probably not
803fb7
since the the int value is likely sanitized somewhere earlier and it's
803fb7
being put through a bit mask shortly before being used.
803fb7
803fb7
Cherry-picked from: 13f5402c6b734ed4c2b3e8b7c3d3bf6d815e7661
803fb7
Related: #1318994
803fb7
---
803fb7
 src/journal/journald-syslog.c | 6 +++---
803fb7
 1 file changed, 3 insertions(+), 3 deletions(-)
803fb7
803fb7
diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c
803fb7
index 8602b4a95..b499a0d38 100644
803fb7
--- a/src/journal/journald-syslog.c
803fb7
+++ b/src/journal/journald-syslog.c
803fb7
@@ -317,7 +317,7 @@ void server_process_syslog_message(
803fb7
         size_t label_len) {
803fb7
 
803fb7
         char syslog_priority[sizeof("PRIORITY=") + DECIMAL_STR_MAX(int)],
803fb7
-             syslog_facility[sizeof("SYSLOG_FACILITY") + DECIMAL_STR_MAX(int)];
803fb7
+             syslog_facility[sizeof("SYSLOG_FACILITY=") + DECIMAL_STR_MAX(int)];
803fb7
         const char *message = NULL, *syslog_identifier = NULL, *syslog_pid = NULL;
803fb7
         struct iovec iovec[N_IOVEC_META_FIELDS + 6];
803fb7
         unsigned n = 0;
803fb7
@@ -348,11 +348,11 @@ void server_process_syslog_message(
803fb7
 
803fb7
         IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=syslog");
803fb7
 
803fb7
-        sprintf(syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK);
803fb7
+        snprintf(syslog_priority, sizeof(syslog_priority), "PRIORITY=%i", priority & LOG_PRIMASK);
803fb7
         IOVEC_SET_STRING(iovec[n++], syslog_priority);
803fb7
 
803fb7
         if (priority & LOG_FACMASK) {
803fb7
-                sprintf(syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority));
803fb7
+                snprintf(syslog_facility, sizeof(syslog_facility), "SYSLOG_FACILITY=%i", LOG_FAC(priority));
803fb7
                 IOVEC_SET_STRING(iovec[n++], syslog_facility);
803fb7
         }
803fb7