Skip to content

in_syslog: fix integer overflow in octet-counting length parser [Backport to 4.2]#11898

Merged
cosmo0920 merged 1 commit into
4.2from
fix/syslog-octet-overflow-4.2
Jun 3, 2026
Merged

in_syslog: fix integer overflow in octet-counting length parser [Backport to 4.2]#11898
cosmo0920 merged 1 commit into
4.2from
fix/syslog-octet-overflow-4.2

Conversation

@cosmo0920
Copy link
Copy Markdown
Contributor

@cosmo0920 cosmo0920 commented Jun 3, 2026

Backporting of #11852.

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

  • Example configuration file for the change
  • Debug log output from testing the change
  • Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

  • Run local packaging test showing all targets (including any new ones) build.
  • Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

  • Documentation required for this feature

Backporting

  • Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

@cosmo0920 cosmo0920 requested a review from edsiper as a code owner June 3, 2026 01:28
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Jun 3, 2026
edited
Loading

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2bd51721-da87-4ac4-b51d-7a7637ac4acc

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/syslog-octet-overflow-4.2

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@cosmo0920 cosmo0920 added this to the Fluent Bit v4.2.5 milestone Jun 3, 2026
@cosmo0920
in_syslog: fix integer overflow in octet-counting length parser
935f676 
The overflow guard uses strict greater-than (n > SIZE_MAX / 10) which
misses the boundary case where n equals SIZE_MAX / 10 exactly. When
n = 1844674407370955161 (SIZE_MAX / 10 on 64-bit), the subsequent
n * 10 + digit overflows to a small value (0-5). This sets
frame_expected_len to 0, which permanently corrupts the connection
-- frame_have_len stays set while frame_expected_len is 0,
causing all subsequent messages to be silently discarded.

Change the guard to >= so that the boundary value is also clamped to
SIZE_MAX before the multiplication.

Signed-off-by: Tristan <tristan@talencesecurity.com>
@cosmo0920 cosmo0920 force-pushed the fix/syslog-octet-overflow-4.2 branch from 6fa061f to 935f676 Compare June 3, 2026 01:33
@cosmo0920 cosmo0920 merged commit c8c47bd into 4.2 Jun 3, 2026
24 checks passed
@cosmo0920 cosmo0920 deleted the fix/syslog-octet-overflow-4.2 branch June 3, 2026 02:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@edsiper edsiper Awaiting requested review from edsiper edsiper is a code owner

Assignees

No one assigned

Labels

docs-required

Projects

None yet

Milestone

Fluent Bit v4.2.5

Development

Successfully merging this pull request may close these issues.

1 participant

@cosmo0920