Emilien Gaspar has identified a heap overflow in parse_packet(), the
function used by the network plugin to parse incoming network packets.
This is a vulnerability in collectd, though the scope is not clear at
this point. At the very least specially crafted network packets can be
used to crash the daemon. We can't rule out a potential remote code
execution though.
Fixes: CVE-2016-6254
printed_ignore_warning = 1;
}
buffer = ((char *) buffer) + pkg_length;
printed_ignore_warning = 1;
}
buffer = ((char *) buffer) + pkg_length;
+ buffer_size -= (size_t) pkg_length;
continue;
}
#endif /* HAVE_LIBGCRYPT */
continue;
}
#endif /* HAVE_LIBGCRYPT */
printed_ignore_warning = 1;
}
buffer = ((char *) buffer) + pkg_length;
printed_ignore_warning = 1;
}
buffer = ((char *) buffer) + pkg_length;
+ buffer_size -= (size_t) pkg_length;
continue;
}
#endif /* HAVE_LIBGCRYPT */
continue;
}
#endif /* HAVE_LIBGCRYPT */
DEBUG ("network plugin: parse_packet: Unknown part"
" type: 0x%04hx", pkg_type);
buffer = ((char *) buffer) + pkg_length;
DEBUG ("network plugin: parse_packet: Unknown part"
" type: 0x%04hx", pkg_type);
buffer = ((char *) buffer) + pkg_length;
+ buffer_size -= (size_t) pkg_length;
}
} /* while (buffer_size > sizeof (part_header_t)) */
}
} /* while (buffer_size > sizeof (part_header_t)) */