Scan text in 64KB chunks

ozfive · ashmckenzie · commit c052ba6a076b · 2023-05-04T12:10:48.000+10:00
This commit fixes a potential denial of service
vulnerability in logrus.Writer() that could be
triggered by logging text longer than 64KB
without newlines. Previously, the bufio.Scanner
used by Writer() would hang indefinitely when
reading such text without newlines, causing the
application to become unresponsive.
diff --git a/writer.go b/writer.go
@@ -75,7 +75,8 @@ func (entry *Entry) writerScanner(reader *io.PipeReader, printFunc func(args ...
 		if len(data) > chunkSize {
 			return chunkSize, data[:chunkSize], nil
 		}
-		return 0, nil, nil
+
+		return len(data), data, nil
 	}
 
 	//Use the custom split function to split the input

Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,8 @@ func (entry Entry) writerScanner(reader io.PipeReader, printFunc func(args ...`
`75`	`75`	`if len(data) > chunkSize {`
`76`	`76`	`return chunkSize, data[:chunkSize], nil`
`77`	`77`	`}`
`78`		`- return 0, nil, nil`
	`78`	`+`
	`79`	`+ return len(data), data, nil`
`79`	`80`	`}`
`80`	`81`
`81`	`82`	`//Use the custom split function to split the input`