Overview

File CVE-2022-24903.patch of Package rsyslog.29819

Index: rsyslog-8.2106.0/contrib/imhttp/imhttp.c
===================================================================
--- rsyslog-8.2106.0.orig/contrib/imhttp/imhttp.c
+++ rsyslog-8.2106.0/contrib/imhttp/imhttp.c
@@ -435,7 +435,9 @@ processOctetMsgLen(const instanceConf_t
 				connWrkr->parseState.iOctetsRemain = connWrkr->parseState.iOctetsRemain * 10 + ch - '0';
 			}
 			// temporarily save this character into the message buffer
-			connWrkr->pMsg[connWrkr->iMsg++] = ch;
+			if(connWrkr->iMsg + 1 < s_iMaxLine) {
+				connWrkr->pMsg[connWrkr->iMsg++] = ch;
+			}
 		} else {
 			const char *remoteAddr = "";
 			if (connWrkr->propRemoteAddr) {
Index: rsyslog-8.2106.0/plugins/imptcp/imptcp.c
===================================================================
--- rsyslog-8.2106.0.orig/plugins/imptcp/imptcp.c
+++ rsyslog-8.2106.0/plugins/imptcp/imptcp.c
@@ -1107,7 +1107,9 @@ processDataRcvd(ptcpsess_t *const __rest
 			if(pThis->iOctetsRemain <= 200000000) {
 				pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0';
 			}
-			*(pThis->pMsg + pThis->iMsg++) = c;
+			if(pThis->iMsg < iMaxLine) {
+				*(pThis->pMsg + pThis->iMsg++) = c;
+			}
 		} else { /* done with the octet count, so this must be the SP terminator */
 			DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain);
 			prop.GetString(pThis->peerName, &propPeerName, &lenPeerName);
Index: rsyslog-8.2106.0/runtime/tcps_sess.c
===================================================================
--- rsyslog-8.2106.0.orig/runtime/tcps_sess.c
+++ rsyslog-8.2106.0/runtime/tcps_sess.c
@@ -389,7 +389,9 @@ processDataRcvd(tcps_sess_t *pThis,
 			if(pThis->iOctetsRemain <= 200000000) {
 				pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0';
 			}
-			*(pThis->pMsg + pThis->iMsg++) = c;
+			if(pThis->iMsg < iMaxLine) {
+				*(pThis->pMsg + pThis->iMsg++) = c;
+			}
 		} else { /* done with the octet count, so this must be the SP terminator */
 			DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain);
 			prop.GetString(pThis->fromHost, &propPeerName, &lenPeerName);
openSUSE Build Service is sponsored by
Places