Skip to content

Commit

Permalink
Scan text in 64KB chunks
Browse files Browse the repository at this point in the history 
This commit fixes a potential denial of service
vulnerability in logrus.Writer() that could be
triggered by logging text longer than 64KB
without newlines. Previously, the bufio.Scanner
used by Writer() would hang indefinitely when
reading such text without newlines, causing the
application to become unresponsive.
  • Loading branch information
@ozfive @ashmckenzie
ozfive authored and ashmckenzie committed May 4, 2023
1 parent 766cfec commit c052ba6
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion writer.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,8 @@ func (entry *Entry) writerScanner(reader *io.PipeReader, printFunc func(args ...
if len(data) > chunkSize {
return chunkSize, data[:chunkSize], nil
}
return 0, nil, nil

return len(data), data, nil
}

//Use the custom split function to split the input
Expand Down

0 comments on commit c052ba6

Please sign in to comment.