syslog-ng/files/CVE-2022-38725-0002.patch

*4882a593SmuzhiyunFrom 81a07263f1e522a376d3a30f96f51df3f2879f8a Mon Sep 17 00:00:00 2001
*4882a593SmuzhiyunFrom: Laszlo Varady <laszlo.varady@protonmail.com>
*4882a593SmuzhiyunDate: Sat, 20 Aug 2022 12:22:44 +0200
*4882a593SmuzhiyunSubject: [PATCH 2/8] syslogformat: add bug reproducer test for non-zero terminated
*4882a593Smuzhiyun input
*4882a593SmuzhiyunMIME-Version: 1.0
*4882a593SmuzhiyunContent-Type: text/plain; charset=UTF-8
*4882a593SmuzhiyunContent-Transfer-Encoding: 8bit
*4882a593Smuzhiyun
*4882a593SmuzhiyunCVE: CVE-2022-38725
*4882a593Smuzhiyun
*4882a593SmuzhiyunUpstream-Status: Backport
*4882a593Smuzhiyun[https://github.com/syslog-ng/syslog-ng/commit/81a07263f1e522a376d3a30f96f51df3f2879f8a]
*4882a593Smuzhiyun
*4882a593SmuzhiyunSigned-off-by: László Várady <laszlo.varady@protonmail.com>
*4882a593Smuzhiyun
*4882a593SmuzhiyunSigned-off-by: Yogita Urade <yogita.urade@windriver.com>
*4882a593Smuzhiyun---
*4882a593Smuzhiyun modules/syslogformat/CMakeLists.txt           |  1 +
*4882a593Smuzhiyun modules/syslogformat/Makefile.am              |  2 +
*4882a593Smuzhiyun modules/syslogformat/tests/CMakeLists.txt     |  1 +
*4882a593Smuzhiyun modules/syslogformat/tests/Makefile.am        |  9 +++
*4882a593Smuzhiyun .../syslogformat/tests/test_syslog_format.c   | 72 +++++++++++++++++++
*4882a593Smuzhiyun 5 files changed, 85 insertions(+)
*4882a593Smuzhiyun create mode 100644 modules/syslogformat/tests/CMakeLists.txt
*4882a593Smuzhiyun create mode 100644 modules/syslogformat/tests/Makefile.am
*4882a593Smuzhiyun create mode 100644 modules/syslogformat/tests/test_syslog_format.c
*4882a593Smuzhiyun
*4882a593Smuzhiyundiff --git a/modules/syslogformat/CMakeLists.txt b/modules/syslogformat/CMakeLists.txt
*4882a593Smuzhiyunindex 94ee01aa2..64848efee 100644
*4882a593Smuzhiyun--- a/modules/syslogformat/CMakeLists.txt
*4882a593Smuzhiyun+++ b/modules/syslogformat/CMakeLists.txt
*4882a593Smuzhiyun@@ -14,3 +14,4 @@ add_module(
*4882a593Smuzhiyun   SOURCES ${SYSLOGFORMAT_SOURCES}
*4882a593Smuzhiyun )
*4882a593Smuzhiyun
*4882a593Smuzhiyun+add_test_subdirectory(tests)
*4882a593Smuzhiyundiff --git a/modules/syslogformat/Makefile.am b/modules/syslogformat/Makefile.am
*4882a593Smuzhiyunindex f13f88c1b..14cdf589d 100644
*4882a593Smuzhiyun--- a/modules/syslogformat/Makefile.am
*4882a593Smuzhiyun+++ b/modules/syslogformat/Makefile.am
*4882a593Smuzhiyun@@ -31,3 +31,5 @@ modules_syslogformat_libsyslogformat_la_DEPENDENCIES =	\
*4882a593Smuzhiyun modules/syslogformat modules/syslogformat/ mod-syslogformat: \
*4882a593Smuzhiyun 	modules/syslogformat/libsyslogformat.la
*4882a593Smuzhiyun .PHONY: modules/syslogformat/ mod-syslogformat
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+include modules/syslogformat/tests/Makefile.am
*4882a593Smuzhiyundiff --git a/modules/syslogformat/tests/CMakeLists.txt b/modules/syslogformat/tests/CMakeLists.txt
*4882a593Smuzhiyunnew file mode 100644
*4882a593Smuzhiyunindex 000000000..2e45b7194
*4882a593Smuzhiyun--- /dev/null
*4882a593Smuzhiyun+++ b/modules/syslogformat/tests/CMakeLists.txt
*4882a593Smuzhiyun@@ -0,0 +1 @@
*4882a593Smuzhiyun+add_unit_test(CRITERION TARGET test_syslog_format DEPENDS syslogformat)
*4882a593Smuzhiyundiff --git a/modules/syslogformat/tests/Makefile.am b/modules/syslogformat/tests/Makefile.am
*4882a593Smuzhiyunnew file mode 100644
*4882a593Smuzhiyunindex 000000000..7ee66a59c
*4882a593Smuzhiyun--- /dev/null
*4882a593Smuzhiyun+++ b/modules/syslogformat/tests/Makefile.am
*4882a593Smuzhiyun@@ -0,0 +1,9 @@
*4882a593Smuzhiyun+modules_syslogformat_tests_TESTS = \
*4882a593Smuzhiyun+    modules/syslogformat/tests/test_syslog_format
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+check_PROGRAMS += ${modules_syslogformat_tests_TESTS}
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+EXTRA_DIST += modules/syslogformat/tests/CMakeLists.txt
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+modules_syslogformat_tests_test_syslog_format_CFLAGS = $(TEST_CFLAGS) -I$(top_srcdir)/modules/syslogformat
*4882a593Smuzhiyun+modules_syslogformat_tests_test_syslog_format_LDADD = $(TEST_LDADD) $(PREOPEN_SYSLOGFORMAT)
*4882a593Smuzhiyundiff --git a/modules/syslogformat/tests/test_syslog_format.c b/modules/syslogformat/tests/test_syslog_format.c
*4882a593Smuzhiyunnew file mode 100644
*4882a593Smuzhiyunindex 000000000..b247fe3c5
*4882a593Smuzhiyun--- /dev/null
*4882a593Smuzhiyun+++ b/modules/syslogformat/tests/test_syslog_format.c
*4882a593Smuzhiyun@@ -0,0 +1,72 @@
*4882a593Smuzhiyun+/*
*4882a593Smuzhiyun+ * Copyright (c) 2022 One Identity
*4882a593Smuzhiyun+ * Copyright (c) 2022 László Várady
*4882a593Smuzhiyun+ *
*4882a593Smuzhiyun+ * This program is free software; you can redistribute it and/or modify it
*4882a593Smuzhiyun+ * under the terms of the GNU General Public License version 2 as published
*4882a593Smuzhiyun+ * by the Free Software Foundation, or (at your option) any later version.
*4882a593Smuzhiyun+ *
*4882a593Smuzhiyun+ * This program is distributed in the hope that it will be useful,
*4882a593Smuzhiyun+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
*4882a593Smuzhiyun+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*4882a593Smuzhiyun+ * GNU General Public License for more details.
*4882a593Smuzhiyun+ *
*4882a593Smuzhiyun+ * You should have received a copy of the GNU General Public License
*4882a593Smuzhiyun+ * along with this program; if not, write to the Free Software
*4882a593Smuzhiyun+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*4882a593Smuzhiyun+ *
*4882a593Smuzhiyun+ * As an additional exemption you are allowed to compile & link against the
*4882a593Smuzhiyun+ * OpenSSL libraries as published by the OpenSSL project. See the file
*4882a593Smuzhiyun+ * COPYING for details.
*4882a593Smuzhiyun+ *
*4882a593Smuzhiyun+ */
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+#include <criterion/criterion.h>
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+#include "apphook.h"
*4882a593Smuzhiyun+#include "cfg.h"
*4882a593Smuzhiyun+#include "syslog-format.h"
*4882a593Smuzhiyun+#include "logmsg/logmsg.h"
*4882a593Smuzhiyun+#include "msg-format.h"
*4882a593Smuzhiyun+#include "scratch-buffers.h"
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+#include <string.h>
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+GlobalConfig *cfg;
*4882a593Smuzhiyun+MsgFormatOptions parse_options;
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+static void
*4882a593Smuzhiyun+setup(void)
*4882a593Smuzhiyun+{
*4882a593Smuzhiyun+  app_startup();
*4882a593Smuzhiyun+  syslog_format_init();
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+  cfg = cfg_new_snippet();
*4882a593Smuzhiyun+  msg_format_options_defaults(&parse_options);
*4882a593Smuzhiyun+}
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+static void
*4882a593Smuzhiyun+teardown(void)
*4882a593Smuzhiyun+{
*4882a593Smuzhiyun+  scratch_buffers_explicit_gc();
*4882a593Smuzhiyun+  app_shutdown();
*4882a593Smuzhiyun+  cfg_free(cfg);
*4882a593Smuzhiyun+}
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+TestSuite(syslog_format, .init = setup, .fini = teardown);
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+Test(syslog_format, parser_should_not_spin_on_non_zero_terminated_input, .timeout = 10)
*4882a593Smuzhiyun+{
*4882a593Smuzhiyun+  const gchar *data = "<182>2022-08-17T05:02:28.217 mymachine su: 'su root' failed for lonvick on /dev/pts/8";
*4882a593Smuzhiyun+  /* chosen carefully to reproduce a bug */
*4882a593Smuzhiyun+  gsize data_length = 27;
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+  msg_format_options_init(&parse_options, cfg);
*4882a593Smuzhiyun+  LogMessage *msg = msg_format_construct_message(&parse_options, (const guchar *) data, data_length);
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+  gsize problem_position;
*4882a593Smuzhiyun+  cr_assert(syslog_format_handler(&parse_options, msg, (const guchar *) data, data_length, &problem_position));
*4882a593Smuzhiyun+
*4882a593Smuzhiyun+  msg_format_options_destroy(&parse_options);
*4882a593Smuzhiyun+  log_msg_unref(msg);
*4882a593Smuzhiyun+}
*4882a593Smuzhiyun--
*4882a593Smuzhiyun2.34.1
*4882a593Smuzhiyun