From c3fc63fe8661d17272a5840b26a7e45cf21fb82a Mon Sep 17 00:00:00 2001
From: Frederic Cambus
Date: Thu, 2 Dec 2021 09:53:31 +0100
Subject: [PATCH] Fix a use-after-free (read) triggered by strcmp(3) calls.

The parse_request() function didn't zero out the parsed_request struct between each call. Since the parsing loop was switched to using getline(3) instead of a fixed size buffer to process log lines, it could reference already freed memory in certain cases.

Thanks to Brian Carpenter (@geeknik) for finding and reporting the issue.
---
 src/parse.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/parse.c b/src/parse.c
index 7cda9e5..d791169 100644
--- a/src/parse.c
+++ b/src/parse.c
@@ -4,7 +4,7 @@
  * https://www.logswan.org
  *
  * Created: 2015-05-31
- * Last Updated: 2021-02-15
+ * Last Updated: 2021-12-02
  *
  * Logswan is released under the BSD 2-Clause license.
  * See LICENSE file for details.
@@ -60,6 +60,8 @@ parse_request(struct request *parsed_request, char *request)
 {
 	char *pch = strrchr(request, ' ');
 
+	memset(parsed_request, 0, sizeof(*parsed_request));
+
 	if (pch) {
 		parsed_request->protocol = pch + 1;
 		parsed_request->method = strtok(request, " ");
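Review bot: The added memset(3) replaces dangling pointers with NULL, but the lifetime contract it depends on stays undocumented: the fields this hunk fills (`protocol`, `method`) are pointers into the caller's `request` buffer, so the zeroed struct is only valid until that buffer is freed or reused, which the commit message says happens on every getline(3) iteration. Suggest a comment above the new line, `/* Reset all fields: they alias request, which the caller reuses per line. */`, and the same note on the prototype. Separately, if the strcmp(3) call sites named in the commit title read these fields without a NULL check, then when `pch` is NULL the fix turns a read of freed memory into a NULL dereference; confirm those callers test the field before comparing. parse_request's body continues past the end of the hunk.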