From 335d65fc5a9d73580c6663fcb754ddce4e159a61 Mon Sep 17 00:00:00 2001
From: lvfei
Date: Thu, 25 Apr 2024 13:49:04 +0800
Subject: [PATCH] CVE-2024-22857
---
 src/rule.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/rule.c b/src/rule.c
index 473d21f..02a9c08 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -890,8 +890,10 @@ zlog_rule_t *zlog_rule_new(char *line,
 }
 break;
 case '$' :
- sscanf(file_path + 1, "%s", a_rule->record_name);
-
+ // read only MAXLEN_PATH characters from the file_path + 1
+ strncpy(a_rule->record_name, file_path + 1, MAXLEN_PATH);
+ a_rule->record_name[MAXLEN_PATH] = '\0';
+
 if (file_limit) { /* record path exists */
 p = strchr(file_limit, '"');
 if (!p) {
-- 
2.27.0
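Review bot: The `strncpy` in the `case '$'` branch bounds the write but silently truncates an over-long record name and, unlike the `%s` scan it replaces, no longer stops at the first whitespace, so any trailing blanks left in `file_path` would now become part of `record_name`. A shortened or padded name can make the rule resolve to a different record than the configuration names, or to none, so an over-long name is better rejected as a configuration error than cut. The terminator write at index `MAXLEN_PATH` is in bounds only if `record_name` is declared with at least `MAXLEN_PATH + 1` bytes, which this hunk does not show. Bounding by the destination instead, e.g. `size_t n = strcspn(file_path + 1, " \t\r\n");`, then failing the rule when `n >= sizeof(a_rule->record_name)` and copying `n` bytes plus a terminator otherwise, would keep the old token semantics and tie the limit to the buffer itself (assuming `record_name` is an array member). `zlog_rule_new` starts and ends outside the hunk, so how `file_path` is tokenised before this point should be confirmed.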