upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-05-27 20:02:17 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 16

BUG/MINOR: log: look for the end of priority before the end of the buffer

Browse source 
In parse_log_message(), the first loop looks for '>' that finishes the
priority field, and unfortunately it stops once it has checked the first
byte after the end of the buffer. This means that a priority made only
of digits for the whole buffer would read one extra byte. In practice
since pools have a tag at the end this is only detectable when using ASAN,
but this should be fixed nevertheless.

This can be backported to all versions.

It's worth noting that RFC5424 now says that the PRI field is 1..3
digits only, so maybe at some point we could seriously limit the
length as well.
This commit is contained in:
Willy Tarreau 2026-05-23 21:14:04 +02:00
parent 8e1d33a648
commit 478e7e52cb
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/log.c
View file

@ -5499,7 +5499,7 @@ void parse_log_message(char *buf, size_t buflen, int *level, int *facility,
return;
fac_level = 10*fac_level + (*p - '0');
p++;
if ((p - buf) > buflen)
if ((p - buf) >= buflen)
return;
}