meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0007.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

From 8c6e2c1c41b0fcc5fbd464c35f4dac7102235396 Mon Sep 17 00:00:00 2001
From: Laszlo Varady <laszlo.varady@protonmail.com>
Date: Sat, 20 Aug 2022 14:30:22 +0200
Subject: [PATCH 7/8] timeutils: fix invalid calculation of ISO timestamp length
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE: CVE-2022-38725

Upstream-Status: Backport
[https://github.com/syslog-ng/syslog-ng/commit/8c6e2c1c41b0fcc5fbd464c35f4dac7102235396]

Signed-off-by: László Várady <laszlo.varady@protonmail.com>

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
 lib/timeutils/scan-timestamp.c            | 8 ++++++--
 lib/timeutils/tests/test_scan-timestamp.c | 7 +++++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c
index d22d50973..125264677 100644
--- a/lib/timeutils/scan-timestamp.c
+++ b/lib/timeutils/scan-timestamp.c
@@ -350,19 +350,21 @@ __parse_usec(const guchar **data, gint *length)
 static gboolean
 __has_iso_timezone(const guchar *src, gint length)
 {
-  return (length >= 5) &&
+  return (length >= 6) &&
          (*src == '+' || *src == '-') &&
          isdigit(*(src+1)) &&
          isdigit(*(src+2)) &&
          *(src+3) == ':' &&
          isdigit(*(src+4)) &&
          isdigit(*(src+5)) &&
-         !isdigit(*(src+6));
+         (length < 7 || !isdigit(*(src+6)));
 }
 
 static guint32
 __parse_iso_timezone(const guchar **data, gint *length)
 {
+  g_assert(*length >= 6);
+
   gint hours, mins;
   const guchar *src = *data;
   guint32 tz = 0;
@@ -372,8 +374,10 @@ __parse_iso_timezone(const guchar **data, gint *length)
   hours = (*(src + 1) - '0') * 10 + *(src + 2) - '0';
   mins = (*(src + 4) - '0') * 10 + *(src + 5) - '0';
   tz = sign * (hours * 3600 + mins * 60);
+
   src += 6;
   (*length) -= 6;
+
   *data = src;
   return tz;
 }
diff --git a/lib/timeutils/tests/test_scan-timestamp.c b/lib/timeutils/tests/test_scan-timestamp.c
index 468bbf779..d18bdc65d 100644
--- a/lib/timeutils/tests/test_scan-timestamp.c
+++ b/lib/timeutils/tests/test_scan-timestamp.c
@@ -264,6 +264,13 @@ Test(parse_timestamp, non_zero_terminated_rfc5424_input_is_handled_properly)
 
 }
 
+Test(parse_timestamp, non_zero_terminated_rfc5424_timestamp_only)
+{
+  const gchar *ts = "2022-08-17T05:02:28.417+03:00";
+  gint ts_len = strlen(ts);
+  _expect_rfc5424_timestamp_len_eq(ts, ts_len, ts);
+}
+
 
 Test(parse_timestamp, daylight_saving_behavior_at_spring_with_explicit_timezones)
 {
-- 
2.34.1