diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-05-20 22:06:23 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-05-31 14:30:23 +0200 |
commit | 324d6aa92629d4368b517f5c4d17a103c69098be (patch) | |
tree | 1c371592c8e40ee9e5169447347eda0454839636 | |
parent | 2e69f4114c4a71a874bfee39600d6adc0d0064a5 (diff) | |
download | systemd-324d6aa92629d4368b517f5c4d17a103c69098be.tar.gz |
shared/logs-show: fix mixup between length-based memory duplication and string operations
We'd look for a '=' separator using memchr, i.e. ignoring any nul bytes in the
string, but then do a strndup, which would terminate on any nul byte, and then
again do a memcmp, which would access memory past the chunk allocated by strndup.
Of course, we probably shouldn't allow keys with nul bytes in them. But we
currently do, so there might be journal files like that out there. So let's fix
the journal-reading code first.
-rw-r--r-- | src/shared/logs-show.c | 4 | ||||
-rw-r--r-- | test/fuzz-regressions/fuzz-journal-remote/crash-96dee870ea66d03e89ac321eee28ea63a9b9aa45 | bin | 0 -> 2490 bytes |
2 files changed, 2 insertions, 2 deletions
diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c index 50326fde5d..124fa838b3 100644 --- a/src/shared/logs-show.c +++ b/src/shared/logs-show.c @@ -839,7 +839,7 @@ static int output_json( if (!eq) continue; - n = strndup(data, eq - (const char*) data); + n = memdup_suffix0(data, eq - (const char*) data); if (!n) { r = log_oom(); goto finish; @@ -891,7 +891,7 @@ static int output_json( m = eq - (const char*) data; - n = strndup(data, m); + n = memdup_suffix0(data, m); if (!n) { r = log_oom(); goto finish; diff --git a/test/fuzz-regressions/fuzz-journal-remote/crash-96dee870ea66d03e89ac321eee28ea63a9b9aa45 b/test/fuzz-regressions/fuzz-journal-remote/crash-96dee870ea66d03e89ac321eee28ea63a9b9aa45 Binary files differnew file mode 100644 index 0000000000..535d49ea7a --- /dev/null +++ b/test/fuzz-regressions/fuzz-journal-remote/crash-96dee870ea66d03e89ac321eee28ea63a9b9aa45 |