List:       oss-security
Subject:    [oss-security] Use after free in syslog-ng / affile_dw_reap()
From:       Hanno Böck <hanno () hboeck ! de>
Date:       2018-12-23 7:57:04
Message-ID: 20181223085704.20c253af () computer

Hi,

The recently released syslog-ng 3.19.1 fixes a use after free bug.

ASAN error:
==7538==ERROR: AddressSanitizer: heap-use-after-free on address 0x612000007770 at pc 0x7fc3a89069c8 bp 0x7ffd8099afd0 sp 0x7ffd8099afc0
READ of size 8 at 0x612000007770 thread T0
    #0 0x7fc3a89069c7 in affile_dw_reap modules/affile/affile-dest.c:140
    #1 0x7fc3ac21f563 in iv_run_timers /var/tmp/portage/dev-libs/ivykis-0.42.3-r1/work/ivykis-0.42.3/src/iv_timer.c:119
    #2 0x7fc3ac22703f in iv_main /var/tmp/portage/dev-libs/ivykis-0.42.3-r1/work/ivykis-0.42.3/src/iv_main_posix.c:98
    #3 0x7fc3adf1e6d4 in main_loop_run lib/mainloop.c:580
    #4 0x401ef7 in main syslog-ng/main.c:307
    #5 0x7fc3ad45fb9d in __libc_start_main (/lib64/libc.so.6+0x21b9d)
    #6 0x4021b9 in _start (/usr/sbin/syslog-ng+0x4021b9)


I reported this a while ago [1] and learned that this was already known
and fixed, but not released yet [2].


[1] https://github.com/balabit/syslog-ng/issues/2454
[2] https://github.com/balabit/syslog-ng/pull/2418

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

