oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Use after free in syslog-ng / affile_dw_reap()

From: Hanno Böck <hanno () hboeck de>
Date: Sun, 23 Dec 2018 08:57:04 +0100
Hi,

The recently released syslog-ng 3.19.1 fixes a use after free bug.

ASAN error:
==7538==ERROR: AddressSanitizer: heap-use-after-free on address 0x612000007770 at pc 0x7fc3a89069c8 bp 0x7ffd8099afd0 
sp 0x7ffd8099afc0
READ of size 8 at 0x612000007770 thread T0
    #0 0x7fc3a89069c7 in affile_dw_reap modules/affile/affile-dest.c:140
    #1 0x7fc3ac21f563 in iv_run_timers /var/tmp/portage/dev-libs/ivykis-0.42.3-r1/work/ivykis-0.42.3/src/iv_timer.c:119
    #2 0x7fc3ac22703f in iv_main /var/tmp/portage/dev-libs/ivykis-0.42.3-r1/work/ivykis-0.42.3/src/iv_main_posix.c:98
    #3 0x7fc3adf1e6d4 in main_loop_run lib/mainloop.c:580
    #4 0x401ef7 in main syslog-ng/main.c:307
    #5 0x7fc3ad45fb9d in __libc_start_main (/lib64/libc.so.6+0x21b9d)
    #6 0x4021b9 in _start (/usr/sbin/syslog-ng+0x4021b9)


I reported this a while ago [1] and learned that this was already known
and fixed, but not released yet [2].


[1] https://github.com/balabit/syslog-ng/issues/2454
[2] https://github.com/balabit/syslog-ng/pull/2418

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Previous By Date Next
Previous By Thread Next

Current thread: