Skip to content

config_format: fix possible heap overflow #7768

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 8, 2023
Merged

config_format: fix possible heap overflow #7768

merged 1 commit into from
Aug 8, 2023

Conversation

@DavidKorczynski
Copy link
Contributor

@DavidKorczynski DavidKorczynski commented Jul 28, 2023

The return value of strchr is not checked for failure. If it's failure then tmp will be 0 in the (tmp-p) calculation, causing xlen to be p. xlen is later used for copying memory by way of memcpy in string creation using flb_sds_create_len. This fixes it.

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

  • [N/A] Example configuration file for the change
  • [N/A] Debug log output from testing the change
  • [N/A] Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

  • [N/A] Run local packaging test showing all targets (including any new ones) build.
  • [N/A] Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

  • [N/A] Documentation required for this feature

Backporting

  • [N/A] Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

@DavidKorczynski
config_format: fix possible heap overflow
f14122f 
The return value of `strchr` is not checked for failure. If it's failure
then `tmp` will be `0` in the `(tmp-p)` calculation, causing `xlen` to
be `p`. `xlen` is later  used for copying memory by way of `memcpy` in
string creation using `flb_sds_create_len`. This fixes it.

Signed-off-by: David Korczynski <[email protected]>
@DavidKorczynski DavidKorczynski temporarily deployed to pr July 28, 2023 13:23 — with GitHub Actions Inactive
@DavidKorczynski DavidKorczynski temporarily deployed to pr July 28, 2023 13:23 — with GitHub Actions Inactive
@edsiper edsiper merged commit e784f9f into fluent:master Aug 8, 2023
@ZhongRuoyu ZhongRuoyu mentioned this pull request Sep 5, 2023
Merged
leonardo-albertovich pushed a commit that referenced this pull request Oct 5, 2023
@DavidKorczynski
config_format: fix possible heap overflow (#7768)
7c981b5 
The return value of `strchr` is not checked for failure. If it's failure
then `tmp` will be `0` in the `(tmp-p)` calculation, causing `xlen` to
be `p`. `xlen` is later  used for copying memory by way of `memcpy` in
string creation using `flb_sds_create_len`. This fixes it.

Signed-off-by: David Korczynski <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nokute78 nokute78 nokute78 approved these changes

@edsiper edsiper Awaiting requested review from edsiper edsiper is a code owner

@leonardo-albertovich leonardo-albertovich Awaiting requested review from leonardo-albertovich

@fujimotos fujimotos Awaiting requested review from fujimotos

@koleini koleini Awaiting requested review from koleini

Assignees

No one assigned

Labels

docs-required

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@DavidKorczynski @nokute78 @edsiper