Fix out-of-bounds read (CVE-2018-16866) #23
Merged
Commits on Jan 11, 2019
-
journal: fix out-of-bounds read CVE-2018-16866
The original code didn't account for the fact that strchr() would match on the '\0' character, making it read past the end of the buffer if no non-whitespace character was present. This bug was introduced in commit ec5ff44 which was first released in systemd v221 and later fixed in commit 8595102 which was released in v240, so versions in the range [v221, v240) are affected.
-
journal: Add test cases that catch out-of-bounds read in journald
The test cases from commit 8595102 check for the return value of syslog_parse_identifier() and will catch the condition that produced vulnerability from CVE-2018-16866. Add these tests to our stable branches. Tested that these tests will fail if the fix for CVE-2018-16866 is missing from the branch.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.