diff options
Diffstat (limited to 'meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch')
-rw-r--r-- | meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch new file mode 100644 index 0000000000..cb81b1c122 --- /dev/null +++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch @@ -0,0 +1,37 @@ +From 73b5c300b8fde5e7a4824baa83a04931279abb37 Mon Sep 17 00:00:00 2001 +From: Laszlo Varady <laszlo.varady@protonmail.com> +Date: Sat, 20 Aug 2022 12:42:38 +0200 +Subject: [PATCH 4/8] timeutils: fix iterating out of the range of timestamp buffer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE: CVE-2022-38725 + +Upstream-Status: Backport +[https://github.com/syslog-ng/syslog-ng/commit/73b5c300b8fde5e7a4824baa83a04931279abb37] + +Signed-off-by: László Várady <laszlo.varady@protonmail.com> +Signed-off-by: Balazs Scheidler <bazsi77@gmail.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + lib/timeutils/scan-timestamp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c +index 304a57673..4fbe94a36 100644 +--- a/lib/timeutils/scan-timestamp.c ++++ b/lib/timeutils/scan-timestamp.c +@@ -332,7 +332,7 @@ __parse_usec(const guchar **data, gint *length) + src++; + (*length)--; + } +- while (isdigit(*src)) ++ while (*length > 0 && isdigit(*src)) + { + src++; + (*length)--; +-- +2.34.1 + |