From c052ba6a076b368de89029949f68b3b8ccd8e058 Mon Sep 17 00:00:00 2001
From: Chris
Date: Fri, 10 Mar 2023 13:45:41 -0800
Subject: [PATCH] Scan text in 64KB chunks

This commit fixes a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64KB without newlines. Previously, the bufio.Scanner used by Writer() would hang indefinitely when reading such text without newlines, causing the application to become unresponsive.
---
 writer.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/writer.go b/writer.go
index 36032d06..7e7703c7 100644
--- a/writer.go
+++ b/writer.go
@@ -75,7 +75,8 @@ func (entry *Entry) writerScanner(reader *io.PipeReader, printFunc func(args ...
 if len(data) > chunkSize {
 return chunkSize, data[:chunkSize], nil
 }
- return 0, nil, nil
+
+ return len(data), data, nil
 }
 //Use the custom split function to split the input
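Review bot: The new fallback `return len(data), data, nil` hands back whatever happens to be buffered as one token, so log entries now follow pipe read boundaries instead of line boundaries, and a single line can be split or keep its trailing newline. It also ignores the end-of-input case: with an empty buffer at EOF it returns a non-nil empty token with zero advance, which bufio.Scanner counts as no progress and appears to end in its "too many empty tokens" panic, trading one availability problem for another. Delegating the short case to the standard splitter keeps the chunk cap and the line semantics: `return bufio.ScanLines(data, atEOF)` (assuming the closure's second parameter is named `atEOF`; the closure starts outside this hunk). The guard above is also worth checking: if `chunkSize` equals the scanner's maximum buffer size (it is defined outside the hunk), `len(data) > chunkSize` can never be true and should be `len(data) >= chunkSize`. A regression test that writes more than 64KB without a newline and then closes the writer would pin both cases.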