Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

logging: do not read more that the buf size #361

Merged
merged 2 commits into from
Nov 3, 2022
Merged

logging: do not read more that the buf size #361

merged 2 commits into from
Nov 3, 2022

Conversation

giuseppe
Copy link
Member

@giuseppe giuseppe commented Nov 3, 2022

msg_len doesn't take into account NUL bytes that could be present in
the buffer, while g_strdup_printf("MESSAGE=%s%s", partial_buf, buf)
does and would stop writing the string once it finds a NUL byte. This
would lead to read after the buffer end.

Build the message string manually so that the calculated length
reflects the buffer size.

Closes: #315

Signed-off-by: Giuseppe Scrivano [email protected]

@giuseppe
logging: fix error handling
4fb5e06 
sd_journal_sendv returns a negative errno, so negate it before usage.

Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe giuseppe mentioned this pull request Nov 3, 2022
Closed
saschagrunert
saschagrunert approved these changes Nov 3, 2022
View reviewed changes
Copy link
Member

@saschagrunert saschagrunert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@haircommander
Copy link
Collaborator

@giuseppe one lint issue https://github.com/containers/conmon/pull/361/checks?check_run_id=9269929279 otherwise LGTM, thanks for taking this on

@giuseppe
logging: do not read more that the buf size
955586b 
msg_len doesn't take into account NUL bytes that could be present in
the buffer, while g_strdup_printf("MESSAGE=%s%s", partial_buf, buf)
does and would stop writing the string once it finds a NUL byte.  This
would lead to read after the buffer end.

Build the message string manually so that the calculated length
reflects the buffer size.

Closes: containers#315

Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe giuseppe force-pushed the do-not-read-after-buffer branch from f234c45 to 955586b Compare November 3, 2022 13:51
@evverx
Copy link

evverx commented Nov 3, 2022
edited
Loading

Thanks! I can't reproduce that issue anymore. I also wrote a (half-baked) fuzz target and it hasn't been able to find anything else either so far. Unfortunately OSS-Fuzz makes it extremely hard to add fuzz targets with external dependencies like libsystemd and glib so I'm not sure how to bring it there at this point without having to maintain glib and systemd builds. I have to run a lot fuzz targets elsewhere because of that as well.

@haircommander haircommander merged commit f903e20 into containers:main Nov 3, 2022
@giuseppe giuseppe mentioned this pull request Nov 30, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@saschagrunert saschagrunert saschagrunert approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

segmentation fault with podman and ocrmypdf
4 participants
@giuseppe @haircommander @evverx @saschagrunert