Overview

File CVE-2022-24903.patch of Package rsyslog.24898

Index: rsyslog-8.4.0/plugins/imptcp/imptcp.c
===================================================================
--- rsyslog-8.4.0.orig/plugins/imptcp/imptcp.c
+++ rsyslog-8.4.0/plugins/imptcp/imptcp.c
@@ -760,7 +760,9 @@ processDataRcvd(ptcpsess_t *pThis, char
 
 	if(pThis->inputState == eInOctetCnt) {
 		if(isdigit(c)) {
-			pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0';
+			if(pThis->iMsg < iMaxLine) {
+				pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0';
+			}
 		} else { /* done with the octet count, so this must be the SP terminator */
 			DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain);
 			if(c != ' ') {
openSUSE Build Service is sponsored by
Places