ulogd: ignore private data on plugin stop

When deciding whether to call the stop hook of a plugin instance, only
two things are relevant: If the plugin actually has a stop hook defined,
and if the plugin instance is still used in a different stack. The
private data of a plugin instance is opaque to ulogd, so its size or
content are irrelevant to the stop-hook decision. And in the same vein
should ulogd never write to it.

The one-null-byte write could previously lead to an out-of-bounds write
on plugins with a stop hook and zero-size private data.

Signed-off-by: Corubba Smith <corubba@gmx.de>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/ulogd.c b/src/ulogd.c
index 6c5ff9ac7a515493da577ab6140f78769c9d5e91..9a0060d03f5c615c3cbe24511def262d9eaa630f 100644 (file)
--- a/src/ulogd.c
+++ b/src/ulogd.c
@@ -1327,12 +1327,10 @@ static void stop_pluginstances()
 
        llist_for_each_entry(stack, &ulogd_pi_stacks, stack_list) {
                llist_for_each_entry_safe(pi, npi, &stack->list, list) {
-                       if ((pi->plugin->priv_size > 0 || *pi->plugin->stop) &&
-                           pluginstance_stop(pi)) {
+                       if (*pi->plugin->stop && pluginstance_stop(pi)) {
                                ulogd_log(ULOGD_DEBUG, "calling stop for %s\n",
                                          pi->plugin->name);
                                (*pi->plugin->stop)(pi);
-                               pi->private[0] = 0;
                        }
 
                        /* NB: plugin->stop() might access other plugin instances,