On 5/13/22 20:54, Rainer Gerhards wrote:
Full info: https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
I've read this carefully. This document explicitly states: "While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer". So the question is: if an upstream commit f211042ecbb472f9d8beb4678a65d272b6f07705 really fixes this issue, what particular buffer the sentence above is about? As shown by 'git show f211042ecbb472f9d8beb4678a65d272b6f07705 --diff-merges=on', this is a merge commit of two (excluding tests and docs) unrelated pieces - 'prctl()' quirk to set the thread name and adjustments to 'isValidHexNum()' and 'syntax_ipv6(). The both of the latter doesn't write any buffers. Am I missing something? Thanks, Dmitry _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
