in_systemd: fix buffer over-read #9789

Merged

@bpetermannS11 bpetermannS11 commented Jan 2, 2025

Fix for #9788 buffer over-reads in the systemd input plugin.
In systemd_enumerate_data_store: when copying the item value the input string may not be 0-terminated, so relying on strlen may lead to reads beyond the end of the buffer. Use the known string length instead of strlen.


Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change, please submit the following in a comment:

  • Example configuration file for the change
  • Debug log output from testing the change
  • Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

  • [N/A] Run local packaging test showing all targets (including any new ones) build.
  • [N/A] Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

  • Documentation required for this feature

Backporting

  • Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

@bpetermannS11
Contributor Author

Configuration

[SERVICE]
    daemon       Off
    http_server  Off

[INPUT]
    name              systemd
    tag               journald
    db                /var/log/fluent-bit/fluent-bit-journal.db
    lowercase         on
    strip_underscores on
    path              /var/log/journal
    read_from_tail    on

@bpetermannS11
Contributor Author

Valgrind/log output

valgrind --leak-check=full ~bpetermann/fluent-bit -c /root/fluent-bit.conf
==3239899== Memcheck, a memory error detector
==3239899== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3239899== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==3239899== Command: /home/bpetermann/fluent-bit -c /root/fluent-bit.conf
==3239899==
Fluent Bit v4.0.0
* Copyright (C) 2015-2024 The Fluent Bit Authors
* Fluent Bit is a CNCF sub-project under the umbrella of Fluentd
* https://fluentbit.io

______ _                  _    ______ _ _             ___  _____
|  ___| |                | |   | ___ (_) |           /   ||  _  |
| |_  | |_   _  ___ _ __ | |_  | |_/ /_| |_  __   __/ /| || |/' |
|  _| | | | | |/ _ \ '_ \| __| | ___ \ | __| \ \ / / /_| ||  /| |
| |   | | |_| |  __/ | | | |_  | |_/ / | |_   \ V /\___  |\ |_/ /
\_|   |_|\__,_|\___|_| |_|\__| \____/|_|\__|   \_/     |_(_)___/


[2025/01/02 14:51:14] [ info] [fluent bit] version=4.0.0, commit=09214ebc7b, pid=3239899
[2025/01/02 14:51:14] [ info] [storage] ver=1.5.2, type=memory, sync=normal, checksum=off, max_chunks_up=128
[2025/01/02 14:51:14] [ info] [simd    ] disabled
[2025/01/02 14:51:14] [ info] [cmetrics] version=0.9.9
[2025/01/02 14:51:14] [ info] [ctraces ] version=0.5.7
[2025/01/02 14:51:14] [ info] [input:systemd:systemd.0] initializing
[2025/01/02 14:51:14] [ info] [input:systemd:systemd.0] storage_strategy='memory' (memory only)
[2025/01/02 14:51:15] [ info] [input:systemd:systemd.0] seek_cursor=s=7ecf669c4b424620a33097ad446b7c49;i=138... OK
[2025/01/02 14:51:15] [ info] [sp] stream processor started
^C[2025/01/02 14:51:28] [engine] caught signal (SIGINT)
[2025/01/02 14:51:29] [ warn] [engine] service will shutdown in max 5 seconds
[2025/01/02 14:51:29] [ info] [input] pausing systemd.0
[2025/01/02 14:51:30] [ info] [engine] service has stopped (0 pending tasks)
[2025/01/02 14:51:30] [ info] [input] pausing systemd.0
==3239899==
==3239899== HEAP SUMMARY:
==3239899==     in use at exit: 0 bytes in 0 blocks
==3239899==   total heap usage: 2,066,434 allocs, 2,066,434 frees, 605,937,652 bytes allocated
==3239899==
==3239899== All heap blocks were freed -- no leaks are possible
==3239899==
==3239899== For lists of detected and suppressed errors, rerun with: -s
==3239899== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

Fix buffer over-reads in systemd input plugin (fluent#9788).
In systemd_enumerate_data_store: when copying the item value
the input string may not be 0-terminated, so relying on
strlen may lead to reads beyond the end of the buffer.
Use the known string length instead of strlen.

Signed-off-by: Bodo Petermann <[email protected]>
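
The over-read described in the pull request and commit message above, shown as an added example that is not Fluent Bit's code: a length-delimited `FIELD=value` item measured with `strlen` versus with its known length. The function names, the `memchr` parsing and the sample buffer are assumptions made for illustration; the sample packs a second item directly behind the first so the `strlen` variant stays inside one array while still running past the item.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: two "FIELD=value" items back to back in one array.
 * Only the first ITEM_LEN bytes belong to the item under test, and that
 * item has no terminating 0 of its own. */
static const char SAMPLE[] = "MESSAGE=hello" "_SECRET=adjacent";
#define ITEM_LEN 13  /* length of "MESSAGE=hello" */

/* Before: strlen() ignores `length` and reads until it meets a 0 byte.
 * With a real item buffer those extra bytes lie outside the buffer. */
size_t value_len_strlen(const char *data, size_t length)
{
    const char *sep = memchr(data, '=', length);
    if (sep == NULL) return 0;
    return strlen(sep + 1);
}

/* After: value length derived from the known item length. */
size_t value_len_bounded(const char *data, size_t length)
{
    const char *sep = memchr(data, '=', length);
    if (sep == NULL) return 0;
    return length - (size_t)(sep - data) - 1;
}

/* Copy the value into a fresh 0-terminated string, bounded by `length`. */
char *copy_value(const char *data, size_t length)
{
    const char *sep = memchr(data, '=', length);
    size_t n = value_len_bounded(data, length);
    char *out;
    if (sep == NULL) return NULL;
    out = malloc(n + 1);
    if (out == NULL) return NULL;
    memcpy(out, sep + 1, n);
    out[n] = '\0';
    return out;
}

int main(void)
{
    char *v = copy_value(SAMPLE, ITEM_LEN);
    printf("strlen-based length: %zu\n", value_len_strlen(SAMPLE, ITEM_LEN));
    printf("bounded length: %zu, value: %s\n",
           value_len_bounded(SAMPLE, ITEM_LEN), v ? v : "(null)");
    free(v);
    return 0;
}
```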