From: Aurelien DARRAGON <adarragon@haproxy.com>
Date: Tue, 22 Nov 2022 10:17:11 +0000 (+0100)
Subject: BUG/MINOR: log: fix parse_log_message rfc5424 size check
X-Git-Tag: v2.7-dev10~34
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ab9efc25f07b9870c827e2da05fe23a084a8b8f4;p=thirdparty%2Fhaproxy.git

BUG/MINOR: log: fix parse_log_message rfc5424 size check

In parse_log_message(), if log is rfc5424 compliant, p pointer
is incremented and size is not. However size is still used in further
checks as if p pointer was not incremented.

This could lead to logic error or buffer overflow if input buf is not
null-terminated.

Fixing this by making sure size is up to date where it is needed.

It could be backported up to 2.4.
---

diff --git a/src/log.c b/src/log.c
index 1fdcd81595..cf140cdd99 100644
--- a/src/log.c
+++ b/src/log.c
@@ -3234,6 +3234,7 @@ void parse_log_message(char *buf, size_t buflen, int *level, int *facility,
 		 */
 
 		p += 2;
+		*size -= 2;
 		/* timestamp is NILVALUE '-' */
 		if (*size > 2 && (p[0] == '-') && p[1] == ' ') {
 			metadata[LOG_META_TIME] = ist2(p, 1);