6eefe2f8f4
A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
26 lines
843 B
Diff
26 lines
843 B
Diff
From a5be8b3a8ddc498de4ad041757285136a55d97e3 Mon Sep 17 00:00:00 2001
|
|
From: XiangfeiCH <chenthrone@163.com>
|
|
Date: Tue, 12 Apr 2022 00:13:35 +0800
|
|
Subject: [PATCH] Fix stack-buffer-overflow at zlog_conf_build_with_file
|
|
|
|
[Retrieved from:
|
|
https://github.com/HardySimpson/zlog/commit/a5be8b3a8ddc498de4ad041757285136a55d97e3]
|
|
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
|
---
|
|
src/conf.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/conf.c b/src/conf.c
|
|
index 0f862fa..9a4cb75 100644
|
|
--- a/src/conf.c
|
|
+++ b/src/conf.c
|
|
@@ -305,7 +305,7 @@ static int zlog_conf_build_with_file(zlog_conf_t * a_conf)
|
|
/* Oops the buffer is full - what now? */
|
|
pline = line;
|
|
} else {
|
|
- for (p--; isspace((int)*p); --p)
|
|
+ for (p--; p >= line && isspace((int)*p); --p)
|
|
/*EMPTY*/;
|
|
p++;
|
|
*p = 0;
|