
Buffer over-read in systemd input plugin since v3.2.3 #9788

Closed
bpetermannS11 opened this issue Jan 2, 2025 · 1 comment

Comments

@bpetermannS11 (Contributor)

Bug Report

Describe the bug

When running fluent-bit with the systemd input plugin, some buffer over-reads occur while the plugin handles the journal data, apparently while copying structured data item values.

Valgrind complains "Conditional jump or move depends on uninitialised value(s)" when running fluent-bit v3.2.3 or v3.2.4; the offending code is in systemd_enumerate_data_store.

To Reproduce

  • Rubular link if applicable:
  • Example log message if applicable:
==3197956== Conditional jump or move depends on uninitialised value(s)
==3197956==    at 0x484ED28: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3197956==    by 0x2FC527: systemd_enumerate_data_store.constprop.0 (systemd.c:238)
==3197956==    by 0x2FCB0D: in_systemd_collect (systemd.c:395)
==3197956==    by 0x2FD083: in_systemd_collect_archive (systemd.c:512)
==3197956==    by 0x28D9C4: flb_input_collector_fd (flb_input.c:1982)
==3197956==    by 0x2A98A4: flb_engine_handle_event (flb_engine.c:577)
==3197956==    by 0x2A98A4: flb_engine_start (flb_engine.c:960)
==3197956==    by 0x283077: flb_lib_worker (flb_lib.c:835)
==3197956==    by 0x505BAC2: start_thread (pthread_create.c:442)
==3197956==    by 0x50ECA03: clone (clone.S:100)
==3197956==
  • Steps to reproduce the problem:
    Run fluent-bit with the following configuration and some systemd journal activity:
[SERVICE]
    daemon       Off
    http_server  Off

[INPUT]
    name              systemd
    tag               journald
    db                /var/log/fluent-bit/fluent-bit-journal.db
    lowercase         on
    strip_underscores on
    path              /var/log/journal
    read_from_tail    on

Expected behavior

No reads from uninitialized memory

Screenshots

Your Environment

  • Version used: v3.2.4
  • Configuration: see above
  • Environment name and version (e.g. Kubernetes? What version?): Ubuntu 22.04
  • Server type and version:
  • Operating System and version: Ubuntu 22.04
  • Filters and plugins: systemd input

Additional context

bpetermannS11 added a commit to bpetermannS11/fluent-bit that referenced this issue Jan 2, 2025
Fix buffer over-reads in systemd input plugin (fluent#9788).
In systemd_enumerate_data_store: when copying the item value
the input string may not be 0-terminated, so relying on
strlen may lead to reads beyond the end of the buffer.
Use the known string length instead of strlen.

Signed-off-by: Bodo Petermann <[email protected]>
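The report and the commit message above describe the same defect pattern: a journal data item arrives as a pointer plus an explicit length, with no guarantee of a terminating NUL, and a copy routine that asks strlen for the value length walks past the item into neighbouring memory. The following is an added, self-contained illustration written for this page; it is not fluent-bit's code and does not reproduce systemd_enumerate_data_store. It uses a constructed, hypothetical struct data_item and two hypothetical copy functions, copy_value_strlen and copy_value_bounded, over a constructed buffer in which two items are packed back to back so that the strlen-based copy visibly spills into the second item (deterministically, because the whole buffer is one NUL-terminated literal), while the length-based copy stays inside the item.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical shape of a journal data item as an enumerate-style API
 * hands it out: a pointer into a larger buffer plus an explicit length.
 * The bytes are "FIELD=value" and are NOT guaranteed to be NUL-terminated. */
struct data_item {
    const char *data;
    size_t length;
};

/* Constructed sample: two items packed with no NUL between them. The only
 * NUL is the one the C string literal appends after the second item. */
static const char packed[] = "MESSAGE=hello worldPRIORITY=6";

/* Item 0 is "MESSAGE=hello world" (19 bytes), item 1 is "PRIORITY=6" (10 bytes). */
static const struct data_item sample_items[2] = {
    { packed, 19 },
    { packed + 19, 10 },
};

/* Scratch output buffer shared by the demonstration below. */
static char scratch[64];

/* Mirrors the buggy pattern: locate '=' inside the item, then trust strlen()
 * for the value length. Since the item is not NUL-terminated, strlen() keeps
 * reading whatever follows the item (here: the next item). */
int copy_value_strlen(const struct data_item *it, char *out, size_t out_size)
{
    const char *eq = memchr(it->data, '=', it->length);
    if (!eq) return -1;
    const char *val = eq + 1;
    size_t vlen = strlen(val);          /* reads beyond it->length */
    if (vlen + 1 > out_size) return -1;
    memcpy(out, val, vlen);
    out[vlen] = '\0';
    return (int)vlen;
}

/* Hardened version: every length is derived from it->length, never from a
 * terminator search, so no byte outside [data, data + length) is touched. */
int copy_value_bounded(const struct data_item *it, char *out, size_t out_size)
{
    const char *eq = memchr(it->data, '=', it->length);
    if (!eq) return -1;
    const char *val = eq + 1;
    size_t vlen = it->length - (size_t)(val - it->data);
    if (vlen + 1 > out_size) return -1; /* value plus NUL must fit */
    memcpy(out, val, vlen);
    out[vlen] = '\0';
    return (int)vlen;
}

int main(void)
{
    copy_value_strlen(&sample_items[0], scratch, sizeof scratch);
    printf("strlen-based : \"%s\"\n", scratch);   /* spills into item 1 */
    copy_value_bounded(&sample_items[0], scratch, sizeof scratch);
    printf("length-based : \"%s\"\n", scratch);   /* "hello world" */
    return 0;
}
```

In the real plugin the bytes after an item are not a friendly neighbouring record but whatever happens to sit after the journal mapping, which is why Valgrind reports the strlen call rather than a clean wrong answer; Valgrind or an AddressSanitizer build of a length-carrying API consumer is the practical check that no terminator search has crept back in.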
edsiper pushed a commit that referenced this issue Jan 8, 2025
Fix buffer over-reads in systemd input plugin (#9788).
In systemd_enumerate_data_store: when copying the item value
the input string may not be 0-terminated, so relying on
strlen may lead to reads beyond the end of the buffer.
Use the known string length instead of strlen.

Signed-off-by: Bodo Petermann <[email protected]>
edsiper pushed a commit that referenced this issue Jan 8, 2025
Fix buffer over-reads in systemd input plugin (#9788).
In systemd_enumerate_data_store: when copying the item value
the input string may not be 0-terminated, so relying on
strlen may lead to reads beyond the end of the buffer.
Use the known string length instead of strlen.

Signed-off-by: Bodo Petermann <[email protected]>
@cosmo0920 (Contributor)

Fixed in #9789.

edsiper pushed a commit that referenced this issue Jan 22, 2025
Fix buffer over-reads in systemd input plugin (#9788).
In systemd_enumerate_data_store: when copying the item value
the input string may not be 0-terminated, so relying on
strlen may lead to reads beyond the end of the buffer.
Use the known string length instead of strlen.

Signed-off-by: Bodo Petermann <[email protected]>