From abc0960a7561e18944a0e08d48f4eb570ea7435a Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Fri, 27 Sep 2019 15:02:52 +0200
Subject: [PATCH] pmcisconames bugfix: potential misadressing

---
 contrib/pmcisconames/pmcisconames.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/contrib/pmcisconames/pmcisconames.c b/contrib/pmcisconames/pmcisconames.c
index 7f376ad170..39506ce592 100644
--- a/contrib/pmcisconames/pmcisconames.c
+++ b/contrib/pmcisconames/pmcisconames.c
@@ -119,6 +119,11 @@ CODESTARTparse
 		--lenMsg;
 		++p2parse;
 	}
+	/* Note: we deliberately count the 0-byte below because we need to go chars+1! */
+	if(lenMsg < (int) sizeof(OpeningText)) {
+		dbgprintf("pmcisconames: too short for being cisco messages\n");
+		ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
+	}
 	/* skip the space after the hostname */
 	lenMsg -=1;
 	p2parse +=1;
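Review bot: The new length guard takes its bound from `sizeof(OpeningText)`, relying on the terminating NUL to stand in for the one space byte skipped just below, and the "chars+1" comment does not make that link clear. If the skip width or the declaration of OpeningText (not visible in this hunk) ever changes, the bound would silently stop matching the bytes read by the later `strncasecmp`. Stating it explicitly keeps the misaddressing fix easy to audit: a comment such as `/* need 1 byte for the space plus strlen(OpeningText) bytes for the compare below */` above `if(lenMsg < 1 + (int) (sizeof(OpeningText) - 1)) {`. The added debug line also calls `dbgprintf` where the next abort path in the same function uses `DBGPRINTF`; using one form would keep the two paths consistent. The parse body starts and ends outside the hunk, so the earlier arithmetic on lenMsg could not be checked here.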
@@ -126,7 +131,7 @@ CODESTARTparse
         /* if the syslog tag is : and the next thing starts with a % assume that this is a mangled cisco log and fix it */
 	if(strncasecmp((char*) p2parse, OpeningText, sizeof(OpeningText)-1) != 0) {
 		/* wrong opening text */
-	DBGPRINTF("not a cisco name mangled log!\n");
+		DBGPRINTF("not a cisco name mangled log!\n");
 		ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
 	}
 	/* bump the message portion up by two characters to overwrite the extra : */