diff options
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-extended/rsyslog')
3 files changed, 76 insertions, 0 deletions
diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch new file mode 100644 index 000000000..b494ca687 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch @@ -0,0 +1,31 @@ +From b0894088b680666035a3418326e13bc99d4fed49 Mon Sep 17 00:00:00 2001 +From: Philippe Duveau <pduveau@users.noreply.github.com> +Date: Tue, 24 Sep 2019 20:45:25 +0200 +Subject: [PATCH] Out of bounds issue + +Add a new sanity check after determining the level len. +--- + contrib/pmdb2diag/pmdb2diag.c | 4 ++++ + 1 file changed, 4 insertions(+) + +Upstream-Status: Backport [https://github.com/rsyslog/rsyslog/commit/b0894088b6] +CVE: CVE-2019-17040 +Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> +diff --git a/contrib/pmdb2diag/pmdb2diag.c b/contrib/pmdb2diag/pmdb2diag.c +index 2b5916301..5810eb4df 100644 +--- a/contrib/pmdb2diag/pmdb2diag.c ++++ b/contrib/pmdb2diag/pmdb2diag.c +@@ -134,6 +134,10 @@ CODESTARTparse2 + ABORT_FINALIZE(0); + } + ++ /* let recheck with the real level len */ ++ if(pMsg->iLenRawMsg - (int)pMsg->offAfterPRI < pInst->levelpos+lvl_len) ++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE); ++ + DBGPRINTF("db2parse Level %d\n", pMsg->iSeverity); + + end = (char*)pMsg->pszRawMsg + pMsg->iLenRawMsg ; +-- +2.17.1 + diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch new file mode 100644 index 000000000..0b32766a5 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch @@ -0,0 +1,43 @@ +From 10549ba915556c557b22b3dac7e4cb73ad22d3d8 Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards <rgerhards@adiscon.com> +Date: Fri, 27 Sep 2019 13:36:02 +0200 +Subject: [PATCH] pmaixforwardedfrom bugfix: potential misadressing + +--- + contrib/pmaixforwardedfrom/pmaixforwardedfrom.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +Upstream-Status: Backport [https://github.com/rsyslog/rsyslog/pull/3884] +CVE: CVE-2019-17041 +Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> + +diff --git a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c +index 37157c7d4..ebf12ebbe 100644 +--- a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c ++++ b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c +@@ -109,6 +109,10 @@ CODESTARTparse + /* bump the message portion up by skipLen(23 or 5) characters to overwrite the "Message forwarded from + " or "From " with the hostname */ + lenMsg -=skipLen; ++ if(lenMsg < 2) { ++ dbgprintf("not a AIX message forwarded from message has nothing after header\n"); ++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE); ++ } + memmove(p2parse, p2parse + skipLen, lenMsg); + *(p2parse + lenMsg) = '\n'; + *(p2parse + lenMsg + 1) = '\0'; +@@ -120,6 +124,11 @@ really an AIX log, but has a similar preamble */ + --lenMsg; + ++p2parse; + } ++ if (lenMsg < 1) { ++ dbgprintf("not a AIX message forwarded from message has nothing after colon " ++ "or no colon at all\n"); ++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE); ++ } + if (lenMsg && *p2parse != ':') { + DBGPRINTF("not a AIX message forwarded from mangled log but similar enough that the preamble has " + "been removed\n"); +-- +2.17.1 + diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb index bbb4b119a..f9e44421d 100644 --- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb +++ b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb @@ -23,6 +23,8 @@ SRC_URI = "http://www.rsyslog.com/download/files/download/rsyslog/${BPN}-${PV}.t file://rsyslog.logrotate \ file://use-pkgconfig-to-check-libgcrypt.patch \ file://run-ptest \ + file://0001-Out-of-bounds-issue.patch \ + file://0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch \ " SRC_URI_append_libc-musl = " \ |