in_systemd: fix buffer over-read

In systemd_enumerate_data_store: when copying the item value the input string may not be 0-terminated, so relying on strlen may lead to reads beyond the end of the buffer. Use the known string length instead of strlen.
fluent · Jan 2, 2025 · 34aa117 · 34aa117
1 parent 09214eb
commit 34aa117
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/plugins/in_systemd/systemd.c b/plugins/in_systemd/systemd.c
@@ -218,16 +218,16 @@ static int systemd_enumerate_data_store(struct flb_config *config,
 
             cfl_array_append_string_s(array,
                                       tmp_val->data.as_string,
-                                      strlen(tmp_val->data.as_string),
+                                      tmp_val->size,
                                       CFL_FALSE);
-            cfl_array_append_string_s(array, (char *)val, strlen(val), CFL_FALSE);
+            cfl_array_append_string_s(array, (char *)val, len, CFL_FALSE);
             cfl_kvlist_insert_array_s(kvlist, list_key, key_len, array);
             cfl_variant_destroy(tmp_val);
             break;
         case CFL_VARIANT_ARRAY:
             /* Just appending the newly arrived field(s) */
             array = tmp_val->data.as_array;
-            cfl_array_append_string_s(array, (char *)val, strlen(val), CFL_FALSE);
+            cfl_array_append_string_s(array, (char *)val, len, CFL_FALSE);
             break;
         default:
             /* nop */
@@ -236,7 +236,7 @@ static int systemd_enumerate_data_store(struct flb_config *config,
     }
     else {
         cfl_kvlist_insert_string_s(kvlist, list_key, key_len,
-                                   (char *)val, strlen(val), CFL_FALSE);
+                                   (char *)val, len, CFL_FALSE);
     }
 
     flb_sds_destroy(list_key);