From 1ab94d6873b33b1a3f343e58a0af9a0f03481ef0 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Mon, 3 Apr 2023 17:31:39 -0400
Subject: [PATCH] Add a buffer limit just in case
 
Reference:https://github.com/linux-audit/audit-userspace/commit/1ab94d6873b33b1a3f343e58a0af9a0f03481ef0
Conflict:NA
 
---
 audisp/plugins/syslog/audisp-syslog.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 
diff --git a/audisp/plugins/syslog/audisp-syslog.c b/audisp/plugins/syslog/audisp-syslog.c
index da76b84..332aa12 100644
--- a/audisp/plugins/syslog/audisp-syslog.c
+++ b/audisp/plugins/syslog/audisp-syslog.c
@@ -156,10 +156,11 @@ static inline void write_syslog(char *s)
 
 		// Now iterate over the fields and print each one
 		mptr = record;
-		while (rc > 0) {
+		while (rc > 0 &&
+		       ((mptr-record) < (MAX_AUDIT_MESSAGE_LENGTH-128))) {
 			int ftype = auparse_get_field_type(au);
 			const char *fname = auparse_get_field_name(au);
-			const char *fval; 
+			const char *fval;
 			switch (ftype) {
 				case AUPARSE_TYPE_ESCAPED_FILE:
 					fval = auparse_interpret_realpath(au);
-- 
2.33.0