analysisd: fix off-by-one in OS_CleanMSG. #1824

Merged
ddpbsd merged 1 commit into ossec:master from cpu:cpu-fix-os_cleanmsg-off-by-one
Jan 17, 2020
@cpu cpu commented Jan 16, 2020

When removing the "[ID xx facility.severity] " substring of a syslog message in OS_CleanMSG care needs to be taken to stay within the bounds of the msg buffer when advancing past the "] " in the msg.

Prev. to this commit the pieces pointer is incremented by 2 when there may be only 1 character remaining before the null terminator.

Resolves #1816

When removing the '[ID xx facility.severity]' substring of a syslog
message in `OS_CleanMSG` care needs to be taken to stay within the
bounds of the msg buffer when advancing past the `] ` in the msg.

Prev. to this commit the `pieces` pointer is incremented by 2 when there
may be only 1 character remaining before the null terminator.
@cpu cpu force-pushed the cpu-fix-os_cleanmsg-off-by-one branch from c2d16bd to 353ef15 Compare January 16, 2020 21:41
@ddpbsd ddpbsd merged commit 942f1cf into ossec:master Jan 17, 2020
@cpu cpu deleted the cpu-fix-os_cleanmsg-off-by-one branch January 17, 2020 15:14
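
The bounds condition described in this PR, as an added example (not the PR's patch and not OSSEC's `OS_CleanMSG`). The helper names `plus_two_in_bounds` and `skip_syslog_id` are hypothetical and the sample message is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: would an unconditional "advance 2 past ']'" stay
 * inside msg (NUL terminator included)? Uses indexes, no dereference. */
int plus_two_in_bounds(const char *msg)
{
    const char *close = strchr(msg, ']');
    if (close == NULL)
        return 1;                   /* no ']' means no advance happens */
    return (size_t)(close - msg) + 2 <= strlen(msg);
}

/* Hypothetical helper: return the text after a leading
 * "[ID xx facility.severity] " tag, or msg itself when the tag is absent
 * or unterminated. The result never points past msg's NUL terminator. */
const char *skip_syslog_id(const char *msg)
{
    const char *p;

    if (strncmp(msg, "[ID ", 4) != 0)
        return msg;
    p = strchr(msg + 4, ']');
    if (p == NULL)
        return msg;
    p++;                /* past ']': lands on the NUL at worst */
    if (*p == ' ')
        p++;            /* past the space only when it is really there */
    return p;
}

int main(void)
{
    /* Constructed sample: the tag ends the buffer, nothing follows ']'. */
    const char *sample = "[ID 47 auth.info]";

    printf("+2 in bounds: %d, rest: \"%s\"\n",
           plus_two_in_bounds(sample), skip_syslog_id(sample));
    return 0;
}
```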

Successfully merging this pull request may close these issues.

CVE-2020-8443: analysisd: OS_CleanMSG off-by-one heap overflow cleaning syslog msgs.