rpms / rsyslog

Clone
Source Code
GIT

Blame SOURCES/rsyslog-8.24.0-rhbz1549706-corrupt-property-crash.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   64216d3053822463eb099a150df40fb99ee49b6f
  2.   SOURCES
  3.   rsyslog-8.24.0-rhbz1549706-corrupt-property-crash.patch
Blob History Raw
ff08e8 
From 3a93e5e377cad7acd241f0f93de625657fada25c Mon Sep 17 00:00:00 2001
ff08e8 
From: Derek Smith <derek@slack-corp.com>
ff08e8 
Date: Wed, 21 Jun 2017 13:32:02 +0100
ff08e8 
Subject: [PATCH] type should be set back to VARTYPE_NONE incase we assigned a
ff08e8 
 property type of VARTYPE_STRING while failing to grab the length value
ff08e8
ff08e8 
---
ff08e8 
 runtime/obj.c | 8 ++++++++
ff08e8 
 1 file changed, 8 insertions(+)
ff08e8
ff08e8 
diff --git a/runtime/obj.c b/runtime/obj.c
ff08e8 
index 2186727ae6..771e5c16a7 100644
ff08e8 
--- a/runtime/obj.c
ff08e8 
+++ b/runtime/obj.c
ff08e8 
@@ -664,6 +664,14 @@ rsRetVal objDeserializeProperty(var_t *pProp, strm_t *pStrm)
ff08e8 
 	if(c != '\n') ABORT_FINALIZE(RS_RET_INVALID_PROPFRAME);
ff08e8
ff08e8 
 finalize_it:
ff08e8 
+	/* ensure the type of var is reset back to VARTYPE_NONE since
ff08e8 
+	* the deconstruct method of var might free unallocated memory
ff08e8 
+	*/
ff08e8 
+	if(iRet != RS_RET_OK && iRet != RS_RET_NO_PROPLINE) {
ff08e8 
+		if(step <= 2) {
ff08e8 
+			pProp->varType = VARTYPE_NONE;
ff08e8 
+		}
ff08e8 
+	}
ff08e8 
 	if(Debug && iRet != RS_RET_OK && iRet != RS_RET_NO_PROPLINE) {
ff08e8 
 		strm.GetCurrOffset(pStrm, &offs);
ff08e8 
 		dbgprintf("error %d deserializing property name, offset %lld, step %d\n",

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation