Headline
CVE-2023-39976: log: fix potential overflow with long log messages by chrissie-c · Pull Request #490 · ClusterLabs/libqb
log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.
qb_vsnprintf_serialize was called with ‘max_size’ as the limiting number for the length of the formatted log message. But the buffer also needs to contain the log header (given by ‘actual_size’), so we now pass ‘max_size - actual_size’ as the maximum length of the formatted log message.
Also added error checks to the blackbox calls at the end of the test, as these now provide a proper test that the BB is functioning. Before they were masking failures.
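The size accounting described above, as an added example that is not libqb's code: `write_record`, `canary_intact`, the 64-byte `MAX_SIZE` and the header layout are all constructed for illustration. The record sits at the start of a larger array so the effect of the flawed limit can be observed without leaving valid memory.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MAX_SIZE 64   /* constructed record size, not libqb's value */
#define CANARY   0x5A /* fill byte for the memory after the record */

/* Hypothetical record writer: header (line number + function name), then the
 * formatted message. hdr_aware=0 uses the flawed limit (max_size); hdr_aware=1
 * uses the corrected one (max_size - actual_size). Returns the end offset. */
static size_t write_record(char *buf, size_t max_size, int hdr_aware,
                           const char *func, unsigned line, const char *fmt, ...)
{
    size_t flen = strlen(func) + 1, actual_size, limit;
    va_list ap; int n;

    if (sizeof line + flen >= max_size)
        return 0;                          /* header alone does not fit */
    memcpy(buf, &line, sizeof line);
    memcpy(buf + sizeof line, func, flen);
    actual_size = sizeof line + flen;      /* bytes already used by the header */
    limit = hdr_aware ? max_size - actual_size : max_size;
    va_start(ap, fmt);
    n = vsnprintf(buf + actual_size, limit, fmt, ap); /* stores <= limit bytes */
    va_end(ap);
    if (n < 0) return actual_size;
    return actual_size + ((size_t)n < limit ? (size_t)n + 1 : limit);
}

/* Puts a MAX_SIZE record at the start of a larger array and reports whether
 * the bytes after the record survive a msg_len-byte message (1 = intact). */
static int canary_intact(size_t msg_len, int hdr_aware)
{
    char backing[2 * MAX_SIZE], msg[256];
    size_t i;

    if (msg_len >= sizeof msg) return -1;
    memset(backing, CANARY, sizeof backing);
    memset(msg, 'A', msg_len);
    msg[msg_len] = '\0';
    write_record(backing, MAX_SIZE, hdr_aware, "my_func", 42, "%s", msg);
    for (i = MAX_SIZE; i < sizeof backing; i++)
        if (backing[i] != CANARY)
            return 0;
    return 1;
}

int main(void)
{
    printf("flawed: %d, fixed: %d\n", canary_intact(100, 0), canary_intact(100, 1));
    return 0;
}
```

A short message leaves the trailing bytes intact under either limit, which is why a test has to use a message long enough to reach the end of the record once the header is counted.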
Related news
Red Hat Security Advisory 2023-5597-01 - The libqb packages provide a library with the primary purpose of providing high performance client/server reusable features, such as high performance logging, tracing, inter-process communication, and polling. Issues addressed include a buffer overflow vulnerability.
Ubuntu Security Notice 6308-1 - It was discovered that Libqb incorrectly handled certain messages. An attacker could possibly use this issue to cause a crash or execute arbitrary code.