git.ipfire.org Git - thirdparty/systemd.git/commit
journald: check whether sscanf has changed the value corresponding to %n
author Evgeny Vereshchagin <evvers@ya.ru>
Fri, 16 Nov 2018 22:32:31 +0000 (23:32 +0100)
committer Evgeny Vereshchagin <evvers@ya.ru>
Sat, 17 Nov 2018 10:25:19 +0000 (11:25 +0100)
commit 1dab14aba749b9c5ab8176c5730107b70834240b
tree 2b0ad3716c496f486756c48388c20badc6f9baf8
parent 090a20cfaf3d5439fa39c5d8df473b0cfef181dd
journald: check whether sscanf has changed the value corresponding to %n

It's possible for sscanf to receive strings containing all three fields
and not matching the template at the same time. When this happens the
value of k doesn't change, which basically means that process_audit_string
tries to access memory randomly. Sometimes it works and sometimes it doesn't :-)

See also https://bugzilla.redhat.com/show_bug.cgi?id=1059314.
src/journal/journald-audit.c
test/fuzz/fuzz-journald-audit/crash [new file with mode: 0644]
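
The failure mode described in the commit message, as an added example (not the systemd source, and not part of the original commit): sscanf reports all three fields converted even when the literal text after them does not match, so %n is never written and the offset must be checked separately. The format string, the function names and the sample inputs are assumptions constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed prefix layout for illustration: "(<sec>.<msec>:<id>):" then payload. */
#define AUDIT_FMT "(%" SCNu64 ".%" SCNu64 ":%" SCNu64 "):%n"

/* Returns only what sscanf itself reports: the number of converted fields.
 * %n is not counted, so 3 does not prove the trailing "):" was matched. */
int fields_converted(const char *p) {
        uint64_t a, b, c;
        int k = 0;
        return sscanf(p, AUDIT_FMT, &a, &b, &c, &k);
}

/* Hypothetical hardened parser: returns the payload offset, or -1 when the
 * prefix is malformed. k starts at a sentinel and is only trusted if sscanf
 * actually reached %n and overwrote it. */
int parse_audit_prefix(const char *p, uint64_t *sec, uint64_t *msec, uint64_t *id) {
        int k = 0;

        if (sscanf(p, AUDIT_FMT, sec, msec, id, &k) != 3 || k <= 0)
                return -1;
        return k;
}

int main(void) {
        /* Constructed inputs; not the contents of the fuzzer crash file. */
        const char *samples[] = {
                "(1542407551.123:456): pid=1", /* well formed */
                "(1542407551.123:456",         /* three fields, no "):" */
                "(1.2:3)x",                    /* three fields, wrong trailer */
        };

        for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
                uint64_t sec = 0, msec = 0, id = 0;
                int off = parse_audit_prefix(samples[i], &sec, &msec, &id);

                printf("%-30s fields=%d offset=%d\n",
                       samples[i], fields_converted(samples[i]), off);
                if (off >= 0)
                        printf("  payload: \"%s\"\n", samples[i] + off);
        }
        return 0;
}
```

Without the sentinel and the second check, the two malformed inputs would be indexed with whatever value k happened to hold.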