|
 |
ff08e8 |
From abc0960a7561e18944a0e08d48f4eb570ea7435a Mon Sep 17 00:00:00 2001
|
|
|
ff08e8 |
From: Rainer Gerhards <rgerhards@adiscon.com>
|
|
|
ff08e8 |
Date: Fri, 27 Sep 2019 15:02:52 +0200
|
|
|
ff08e8 |
Subject: [PATCH] pmcisconames bugfix: potential misadressing
|
|
|
ff08e8 |
|
|
|
ff08e8 |
---
|
|
|
ff08e8 |
contrib/pmcisconames/pmcisconames.c | 7 ++++++-
|
|
|
ff08e8 |
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
ff08e8 |
|
|
|
ff08e8 |
diff --git a/contrib/pmcisconames/pmcisconames.c b/contrib/pmcisconames/pmcisconames.c
|
|
|
ff08e8 |
index 7f376ad170..39506ce592 100644
|
|
|
ff08e8 |
--- a/contrib/pmcisconames/pmcisconames.c
|
|
|
ff08e8 |
+++ b/contrib/pmcisconames/pmcisconames.c
|
|
|
ff08e8 |
@@ -119,6 +119,11 @@ CODESTARTparse
|
|
|
ff08e8 |
--lenMsg;
|
|
|
ff08e8 |
++p2parse;
|
|
|
ff08e8 |
}
|
|
|
ff08e8 |
+ /* Note: we deliberately count the 0-byte below because we need to go chars+1! */
|
|
|
ff08e8 |
+ if(lenMsg < (int) sizeof(OpeningText)) {
|
|
|
ff08e8 |
+ dbgprintf("pmcisconames: too short for being cisco messages\n");
|
|
|
ff08e8 |
+ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
|
|
|
ff08e8 |
+ }
|
|
|
ff08e8 |
/* skip the space after the hostname */
|
|
|
ff08e8 |
lenMsg -=1;
|
|
|
ff08e8 |
p2parse +=1;
|
|
|
ff08e8 |
@@ -126,7 +131,7 @@ CODESTARTparse
|
|
|
ff08e8 |
/* if the syslog tag is : and the next thing starts with a % assume that this is a mangled cisco log and fix it */
|
|
|
ff08e8 |
if(strncasecmp((char*) p2parse, OpeningText, sizeof(OpeningText)-1) != 0) {
|
|
|
ff08e8 |
/* wrong opening text */
|
|
|
ff08e8 |
- DBGPRINTF("not a cisco name mangled log!\n");
|
|
|
ff08e8 |
+ DBGPRINTF("not a cisco name mangled log!\n");
|
|
|
ff08e8 |
ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
|
|
|
ff08e8 |
}
|
|
|
ff08e8 |
/* bump the message portion up by two characters to overwrite the extra : */
|