From 20f8237870eb5e971fa068e4dd4d296f1dbef329 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 16 Feb 2017 19:02:36 +0100
Subject: [PATCH] core: fix potential misadressing in parser message sanitizer

misadressing could happen when an oversize message made it to the sanitizer AND contained a control character in the oversize part of the message. Note that it is an error in itself that such an oversize message enters the system, but we harden the sanitizer to handle this gracefully (it will truncate the message). Note that truncation may still - as previously - happen if the number of escape characters makes the string grow above the max message size.
---
 runtime/parser.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/runtime/parser.c b/runtime/parser.c
index 0574d982a..9645baa40 100644
--- a/runtime/parser.c
+++ b/runtime/parser.c
@@ -464,9 +464,15 @@ SanitizeMsg(smsg_t *pMsg)
 if(maxDest < sizeof(szSanBuf))
 pDst = szSanBuf;
 else
- CHKmalloc(pDst = MALLOC(iMaxLine + 1));
+ CHKmalloc(pDst = MALLOC(maxDest + 1));
 if(iSrc > 0) {
 iSrc--; /* go back to where everything is OK */
+ if(iSrc > maxDest) {
+ DBGPRINTF("parser.Sanitize: have oversize index %zd, "
+ "max %zd - corrected, but should not happen\n",
+ iSrc, maxDest);
+ iSrc = maxDest;
+ }
 memcpy(pDst, pszMsg, iSrc); /* fast copy known good */
 }
 iDst = iSrc;
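Review bot: The new clamp `if(iSrc > maxDest) { ... iSrc = maxDest; }` keeps the memcpy in bounds, but the condition it detects is reported only through DBGPRINTF, which is silent in a normal production build; since the commit message itself treats an oversize message reaching the sanitizer as an upstream error, it deserves a message on the regular error-log path so that operators can notice the input-handling fault rather than only a debug trace. The format string also uses `%zd` for both values; if maxDest is a size_t (it is compared against `sizeof(szSanBuf)`), the matching specifier is `%zu`, e.g. `"max %zu - corrected, but should not happen\n"`. Note that the clamp is only applied inside `if(iSrc > 0)`, which is sufficient for the memcpy here, and that SanitizeMsg continues past the hunk, so the later copy loop starting from `iDst = iSrc` (now possibly equal to maxDest) must still bound every write by maxDest against the `maxDest + 1` allocation.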