From 335d65fc5a9d73580c6663fcb754ddce4e159a61 Mon Sep 17 00:00:00 2001
From: lvfei <lvfei@kylinos.cn>
Date: Thu, 25 Apr 2024 13:49:04 +0800
Subject: [PATCH] CVE-2024-22857
---
src/rule.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/rule.c b/src/rule.c
index 473d21f..02a9c08 100644
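--- a/src/rule.c
+++ b/src/rule.c
@@ -890,8 +890,10 @@ zlog_rule_t *zlog_rule_new(char *line,
 }
 break;
 case '$' :
- sscanf(file_path + 1, "%s", a_rule->record_name);
-
+ // read only MAXLEN_PATH characters from the file_path + 1
+ strncpy(a_rule->record_name, file_path + 1, MAXLEN_PATH);
+ a_rule->record_name[MAXLEN_PATH] = '\0';
+
 if (file_limit) { /* record path exists */
 p = strchr(file_limit, '"');
 if (!p) {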
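Review bot: The two added lines in the `case '$'` branch are in bounds only if `record_name` is declared with at least `MAXLEN_PATH + 1` bytes, which this hunk does not show; if it is an array member, tying the bound to the destination makes that explicit: `strncpy(a_rule->record_name, file_path + 1, sizeof(a_rule->record_name) - 1);` followed by `a_rule->record_name[sizeof(a_rule->record_name) - 1] = '\0';`. The replacement also changes parsing: `sscanf` with `%s` skipped leading whitespace and stopped at the first whitespace, while `strncpy` copies everything up to the terminating NUL, so trailing blanks or any text after the record name now end up in `record_name`. An over-long name is truncated silently; rejecting the rule with an error when `strlen(file_path + 1) > MAXLEN_PATH` would avoid registering a record name the configuration never contained. `zlog_rule_new` begins and ends outside the hunk, so the error path to use for that rejection is not visible here.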
--
2.27.0