packages/audit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
audit/backport-Add-a-buffer-limit-just-in-case.patch
xuraoqing a27655bb8f backport patches from upstream 
Signed-off-by: xuraoqing <609179072@qq.com>
(cherry picked from commit 5255e7ae0b8c4c8c9dd47a4134203a9655fcefbc)
2023-06-26 12:03:07 +08:00

33 lines
1.1 KiB
Diff
Raw Blame History

From 1ab94d6873b33b1a3f343e58a0af9a0f03481ef0 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Mon, 3 Apr 2023 17:31:39 -0400
Subject: [PATCH] Add a buffer limit just in case
Reference:https://github.com/linux-audit/audit-userspace/commit/1ab94d6873b33b1a3f343e58a0af9a0f03481ef0
Conflict:NA
---
audisp/plugins/syslog/audisp-syslog.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/audisp/plugins/syslog/audisp-syslog.c b/audisp/plugins/syslog/audisp-syslog.c
index da76b84..332aa12 100644
--- a/audisp/plugins/syslog/audisp-syslog.c
+++ b/audisp/plugins/syslog/audisp-syslog.c
@@ -156,10 +156,11 @@ static inline void write_syslog(char *s)
// Now iterate over the fields and print each one
mptr = record;
- while (rc > 0) {
+ while (rc > 0 &&
+ ((mptr-record) < (MAX_AUDIT_MESSAGE_LENGTH-128))) {
int ftype = auparse_get_field_type(au);
const char *fname = auparse_get_field_name(au);
- const char *fval;
+ const char *fval;
switch (ftype) {
case AUPARSE_TYPE_ESCAPED_FILE:
fval = auparse_interpret_realpath(au);
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink