oss-sec mailing list archives
Use after free in syslog-ng / affile_dw_reap()
From: Hanno Böck <hanno () hboeck de>
Date: Sun, 23 Dec 2018 08:57:04 +0100
Hi,

The recently released syslog-ng 3.19.1 fixes a use after free bug.

ASAN error:

==7538==ERROR: AddressSanitizer: heap-use-after-free on address 0x612000007770 at pc 0x7fc3a89069c8 bp 0x7ffd8099afd0 sp 0x7ffd8099afc0
READ of size 8 at 0x612000007770 thread T0
    #0 0x7fc3a89069c7 in affile_dw_reap modules/affile/affile-dest.c:140
    #1 0x7fc3ac21f563 in iv_run_timers /var/tmp/portage/dev-libs/ivykis-0.42.3-r1/work/ivykis-0.42.3/src/iv_timer.c:119
    #2 0x7fc3ac22703f in iv_main /var/tmp/portage/dev-libs/ivykis-0.42.3-r1/work/ivykis-0.42.3/src/iv_main_posix.c:98
    #3 0x7fc3adf1e6d4 in main_loop_run lib/mainloop.c:580
    #4 0x401ef7 in main syslog-ng/main.c:307
    #5 0x7fc3ad45fb9d in __libc_start_main (/lib64/libc.so.6+0x21b9d)
    #6 0x4021b9 in _start (/usr/sbin/syslog-ng+0x4021b9)

I reported this a while ago [1] and learned that this was already known and fixed, but not released yet [2].

[1] https://github.com/balabit/syslog-ng/issues/2454
[2] https://github.com/balabit/syslog-ng/pull/2418

--
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42