diff options
| author | Rainer Gerhards <rgerhards@adiscon.com> | 2012-11-09 08:53:00 +0100 |
|---|---|---|
| committer | Rainer Gerhards <rgerhards@adiscon.com> | 2012-11-09 08:53:00 +0100 |
| commit | 69949e07e795bf2f58319a463294cc6aeb7ad3c8 (patch) | |
| tree | d021856635045f8e530d0c83154042bff2f49bcb | |
| parent | 8b5f57a2c6b99944d2de885a1f7a303bdee0af48 (diff) | |
| parent | 275230ceb1b09d2d62e436bd06e6a04a295d3a4d (diff) | |
| download | rsyslog-69949e07e795bf2f58319a463294cc6aeb7ad3c8.tar.gz rsyslog-69949e07e795bf2f58319a463294cc6aeb7ad3c8.tar.bz2 rsyslog-69949e07e795bf2f58319a463294cc6aeb7ad3c8.zip | |
Merge branch 'v7.2.1-bugfix' into v7-stable
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | grammar/rainerscript.c | 2 |
2 files changed, 8 insertions, 1 deletions
@@ -1,3 +1,10 @@ +- bugfix: potential segfault due to invalid param handling in comparisons + This could happen in RainerScript comparisons (like contains); in some + cases an unitialized variable was accessed, which could lead to an + invalid free and in turn to a segfault. + Closes: http://bugzilla.adiscon.com/show_bug.cgi?id=372 + Thanks to Georgi Georgiev for reporting this bug and his great help + in solving it. ---------------------------------------------------------------------------- Version 7.2.2 [v7-stable] 2012-10-?? - enabled to build without libuuid, at loss of uuid functionality diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c index 36254632..a752e517 100644 --- a/grammar/rainerscript.c +++ b/grammar/rainerscript.c @@ -1230,7 +1230,7 @@ evalStrArrayCmp(es_str_t *estr_l, struct cnfarray* ar, int cmpop) #define FREE_TWO_STRINGS \ if(bMustFree) es_deleteStr(estr_r); \ - if(expr->r->nodetype != 'A' && r.datatype == 'S') es_deleteStr(r.d.estr); \ + if(expr->r->nodetype != 'S' && expr->r->nodetype != 'A' && r.datatype == 'S') es_deleteStr(r.d.estr); \ if(bMustFree2) es_deleteStr(estr_l); \ if(l.datatype == 'S') es_deleteStr(l.d.estr) |