Abnormal message causes Segmentation fault #3328
Comments
Possible fix: aleksandrgilfanov@25a3f8b
Hello, nice findings. This turned out once when I tweaked a fuzzer[1] (and some other issue like this). I had a slightly different fixture for this error: Kokan@d4b4496 (Note this commit contains other possible fixes.)

Your patch imho is not correct, as the src and left should be in sync, but yours increments the src unconditionally and does not later assign it to data.

*data = src;
*length = left;

The data and length could be inconsistent, which may cause additional issues later on.

The reason I did not submit my version is that I had an open question about what to do when this error occurs:
1. pretend that the seq id is not present and let the parsing continue
   - parsing continues after the seq id
   - parsing continues at the seq id
2. make the whole parser fail, and wrap the not parse-able message into a new one (msg_format_inject_parse_error).

I think option 2 would be a good choice.

@aleksandrgilfanov Would you mind doing a pull request from it?

[1] The comment describes how to use the fuzzer ed178e5 that works on this branch: master...Kokan:libfuzz-syslog-parser
The Cisco sequence number is not a specified part of any RFC, nor is it standard, so the entire sequence number parsing is just a heuristic, which fails at this point.

We should just go back to the front and handle the message normally.
On Wed, Jun 17, 2020, 20:57 Kókai Péter wrote:

Hello, nice findings. This turned out once when I tweaked a fuzzer[1] (and some other issue like this). I had a slightly different fixture for this error: Kokan@d4b4496 (Note this commit contains other possible fixes.)

Your patch imho is not correct, as the src and left should be in sync, but yours increments the src unconditionally and does not later assign it to data.

*data = src;
*length = left;

The data and length could be inconsistent, which may cause additional issues later on.

The reason I did not submit my version is that I had an open question about what to do when this error occurs:
1. pretend that the seq id is not present and let the parsing continue
   - parsing continues after the seq id
   - parsing continues at the seq id
2. make the whole parser fail, and wrap the not parse-able message into a new one (msg_format_inject_parse_error).

I think option 2 would be a good choice.

@aleksandrgilfanov Would you mind doing a pull request from it?

[1] The comment describes how to use the fuzzer ed178e5 that works on this branch: master...Kokan:libfuzz-syslog-parser
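As an added illustration of the two points made in the thread (this is not syslog-ng's code and not either participant's patch), the following hypothetical C sketch strips an optional Cisco-style "<digits>: " sequence-number prefix from a byte buffer. It keeps the cursor and the remaining byte count moving together, so the data and length written back can never disagree, and when the heuristic does not match it writes nothing back, so the caller goes on parsing the untouched message from its first byte. The "<digits>: " shape, the function names and the sample inputs (including the three-byte "4\0 " from the report) are assumptions constructed for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical sketch, not syslog-ng's code: strip an optional Cisco-style
 * "<digits>: " sequence-number prefix from a byte buffer.
 *
 * Two invariants are built in:
 *  - the cursor (src) and the remaining byte count (left) always move
 *    together, so *data and *length can never disagree;
 *  - if the heuristic does not match, nothing is written back and the
 *    caller keeps parsing the untouched message from its first byte.
 *
 * Returns 1 if a prefix was recognised and removed, 0 otherwise.
 */
int skip_cisco_sequence_id(const unsigned char **data, size_t *length)
{
  const unsigned char *src = *data;
  size_t left = *length;
  size_t digits = 0;

  /* Consume digits but never read past the buffer. A NUL byte, as in the
   * reported "4\0 " input, is just a non-digit that ends the scan. */
  while (left > 0 && isdigit(*src))
    {
      src++;
      left--;
      digits++;
    }

  /* The heuristic needs at least one digit followed by ": ", all in bounds. */
  if (digits == 0 || left < 2 || src[0] != ':' || src[1] != ' ')
    return 0;

  src += 2;
  left -= 2;

  /* Only now is the caller's view updated, and both halves together. */
  *data = src;
  *length = left;
  return 1;
}

/* Helper for the demo: bytes left after stripping, or -1 when no prefix
 * was recognised (and the input was left alone). */
long remaining_after_seq_id(const unsigned char *buf, size_t len)
{
  const unsigned char *d = buf;
  size_t l = len;

  if (!skip_cisco_sequence_id(&d, &l))
    return -1;
  return (long) l;
}

/* Returns 1 if a failed match left both the pointer and the length untouched. */
int leaves_input_untouched_on_failure(const unsigned char *buf, size_t len)
{
  const unsigned char *d = buf;
  size_t l = len;
  int matched = skip_cisco_sequence_id(&d, &l);

  return matched == 0 && d == buf && l == len;
}

int main(void)
{
  /* Constructed inputs; the first is the three bytes from the report. */
  static const unsigned char crash_input[] = { '4', '\0', ' ' };
  static const unsigned char cisco_msg[] = "123: hello";

  printf("\"4\\0 \": remaining=%ld untouched=%d\n",
         remaining_after_seq_id(crash_input, sizeof crash_input),
         leaves_input_untouched_on_failure(crash_input, sizeof crash_input));
  printf("\"123: hello\": remaining=%ld\n",
         remaining_after_seq_id(cisco_msg, sizeof cisco_msg - 1));
  return 0;
}
```

The bounds check (`left < 2`) is what turns a would-be out-of-bounds read on a short or truncated prefix into an ordinary "no match", and deferring the `*data`/`*length` writes to the end is what keeps the pair consistent regardless of where the match fails.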
Fixes syslog-ng#3328 and hopefully a few similar not yet discovered crashes like that. Signed-off-by: Kokan <kokaipeter@gmail.com>
syslog-ng
Version of syslog-ng:
Platform: Debian 10
Issue: The message that contains just the bytes "4\0 " causes a Segmentation fault.
Steps to reproduce:
Configuration: