1From 8c6e2c1c41b0fcc5fbd464c35f4dac7102235396 Mon Sep 17 00:00:00 2001
2From: Laszlo Varady <laszlo.varady@protonmail.com>
3Date: Sat, 20 Aug 2022 14:30:22 +0200
4Subject: [PATCH 7/8] timeutils: fix invalid calculation of ISO timestamp length
5MIME-Version: 1.0
6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit
8
9CVE: CVE-2022-38725
10
11Upstream-Status: Backport
12[https://github.com/syslog-ng/syslog-ng/commit/8c6e2c1c41b0fcc5fbd464c35f4dac7102235396]
13
14Signed-off-by: László Várady <laszlo.varady@protonmail.com>
15
16Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
17---
18 lib/timeutils/scan-timestamp.c | 8 ++++++--
19 lib/timeutils/tests/test_scan-timestamp.c | 7 +++++++
20 2 files changed, 13 insertions(+), 2 deletions(-)
21
22diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c
23index d22d50973..125264677 100644
24--- a/lib/timeutils/scan-timestamp.c
25+++ b/lib/timeutils/scan-timestamp.c
26@@ -350,19 +350,21 @@ __parse_usec(const guchar **data, gint *length)
27 static gboolean
28 __has_iso_timezone(const guchar *src, gint length)
29 {
30- return (length >= 5) &&
31+ return (length >= 6) &&
32 (*src == '+' || *src == '-') &&
33 isdigit(*(src+1)) &&
34 isdigit(*(src+2)) &&
35 *(src+3) == ':' &&
36 isdigit(*(src+4)) &&
37 isdigit(*(src+5)) &&
38- !isdigit(*(src+6));
39+ (length < 7 || !isdigit(*(src+6)));
40 }
41
42 static guint32
43 __parse_iso_timezone(const guchar **data, gint *length)
44 {
45+ g_assert(*length >= 6);
46+
47 gint hours, mins;
48 const guchar *src = *data;
49 guint32 tz = 0;
50@@ -372,8 +374,10 @@ __parse_iso_timezone(const guchar **data, gint *length)
51 hours = (*(src + 1) - '0') * 10 + *(src + 2) - '0';
52 mins = (*(src + 4) - '0') * 10 + *(src + 5) - '0';
53 tz = sign * (hours * 3600 + mins * 60);
54+
55 src += 6;
56 (*length) -= 6;
57+
58 *data = src;
59 return tz;
60 }
61diff --git a/lib/timeutils/tests/test_scan-timestamp.c b/lib/timeutils/tests/test_scan-timestamp.c
62index 
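Review bot: The new `g_assert(*length >= 6);` at the top of `__parse_iso_timezone` is the only bounds guard in that function, and GLib assertions are compiled out when `G_DISABLE_ASSERT` is defined, so in such builds the reads of `src + 1` through `src + 5` stay unchecked if any caller skips `__has_iso_timezone`. Where the assertion is active, a violation aborts the process, which for a parser of received log data turns a caller bug into a daemon crash. The callers are outside this hunk, so whether every path checks `__has_iso_timezone` first cannot be confirmed from here; I would at least record the contract above the function, e.g. `/* precondition: __has_iso_timezone(*data, *length) returned TRUE; consumes exactly 6 bytes */`. The literal 6 also appears in `length >= 6`, `src += 6` and `(*length) -= 6` (the function body continues into the second hunk), and a named constant would keep the four in step.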
468bbf779..d18bdc65d 100644
63--- a/lib/timeutils/tests/test_scan-timestamp.c
64+++ b/lib/timeutils/tests/test_scan-timestamp.c
65@@ -264,6 +264,13 @@ Test(parse_timestamp, non_zero_terminated_rfc5424_input_is_handled_properly)
66
67 }
68
69+Test(parse_timestamp, non_zero_terminated_rfc5424_timestamp_only)
70+{
71+ const gchar *ts = "2022-08-17T05:02:28.417+03:00";
72+ gint ts_len = strlen(ts);
73+ _expect_rfc5424_timestamp_len_eq(ts, ts_len, ts);
74+}
75+
76
77 Test(parse_timestamp, daylight_saving_behavior_at_spring_with_explicit_timezones)
78 {
79-- 
802.34.1
81
82
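Review bot: `ts` in `non_zero_terminated_rfc5424_timestamp_only` is a string literal, so the byte at `ts[ts_len]` is the literal's NUL and a one-byte read past `ts_len` still lands in valid memory. The test can therefore only catch a regression of the length check if `_expect_rfc5424_timestamp_len_eq` hands the parser a copy without a terminator. That helper is defined outside this hunk, so this is worth confirming, and a comment such as `/* helper must pass an exactly ts_len-byte buffer so sanitizers see any read at ts[ts_len] */` would record the dependency. The hunk also exercises only the `length < 7` arm of the new condition in `__has_iso_timezone`; a companion case with a digit directly after the offset and inside the given length would cover the `!isdigit(*(src+6))` arm, unless an existing test outside this hunk already does.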