projects / platform / upstream / glibc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6bd0e4e) | patch
syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6779)
authorArjun Shankar <arjun@redhat.com>
Mon, 15 Jan 2024 16:44:44 +0000 (17:44 +0100)
committerArjun Shankar <arjun@redhat.com>
Tue, 30 Jan 2024 14:53:37 +0000 (15:53 +0100)
commit7e5a0c286da33159d47d0122007aac016f3e02cd
tree5645de1902e9a5f08f889cdfc71adc421972ce2ftree | snapshot
parent6bd0e4efcc78f3c0115e5ea9739a1642807450dacommit | diff
syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6779)

__vsyslog_internal used the return value of snprintf/vsnprintf to
calculate buffer sizes for memory allocation.  If these functions (for
any reason) failed and returned -1, the resulting buffer would be too
small to hold output.  This commit fixes that.

All snprintf/vsnprintf calls are checked for negative return values and
the function silently returns upon encountering them.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
misc/syslog.c diff | blob | history
Domain: System / Toolchain;