review.tizen.org Git - platform/upstream/glibc.git/commit

author	Arjun Shankar <arjun@redhat.com>
	Mon, 15 Jan 2024 16:44:43 +0000 (17:44 +0100)
committer	Arjun Shankar <arjun@redhat.com>
	Tue, 30 Jan 2024 14:53:37 +0000 (15:53 +0100)
commit	6bd0e4efcc78f3c0115e5ea9739a1642807450da
tree	18ec2375433978e7a6aef01108958524f539a8d6	tree \| snapshot
parent	8aeec0eb5a18f9614d18156f9d6092b3525b818c	commit \| diff

syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6246)

__vsyslog_internal did not handle a case where printing a SYSLOG_HEADER
containing a long program name failed to update the required buffer
size, leading to the allocation and overflow of a too-small buffer on
the heap. This commit fixes that. It also adds a new regression test
that uses glibc.malloc.check.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>

misc/Makefile		diff \| blob \| history
misc/syslog.c		diff \| blob \| history
misc/tst-syslog-long-progname.c	[new file with mode: 0644]	blob
misc/tst-syslog-long-progname.root/postclean.req	[new file with mode: 0644]	blob