Changeset a32f996b in rtems


Ignore:
Timestamp:
Jan 20, 2014, 2:00:35 AM (6 years ago)
Author:
Nick Withers <nick.withers@…>
Branches:
4.11, master
Children:
45e82bb8
Parents:
6e6fd513
git-author:
Nick Withers <nick.withers@…> (01/20/14 02:00:35)
git-committer:
Sebastian Huber <sebastian.huber@…> (01/20/14 07:52:21)
Message:

Don't use unsafe buffer operations

Don't use unsafe buffer operations, averting (stack) buffer overflow
when the syslog message length (including Facility and Level encoding)
would exceed 199 characters

File:
1 edited

Legend:

Unmodified
Added
Removed
  • cpukit/libnetworking/lib/syslog.c

    r6e6fd513 ra32f996b  
    5050{
    5151        int cnt;
    52         char *cp;
    5352        char *msgp, cbuf[200];
    5453        int sent;
     
    6665                pri |= LogFacility;
    6766
    68         cnt = sprintf (cbuf, "<%d>", pri);
    69         cp = msgp = cbuf + cnt;
    70         if (LogTag) {
    71                 const char *lp = LogTag;
    72                 while ((*cp = *lp++) != '\0')
    73                         cp++;
    74         }
    75         if (LogStatus & LOG_PID) {
     67        cnt = snprintf (cbuf, sizeof (cbuf), "<%d>", pri);
     68        msgp = cbuf + (cnt < sizeof (cbuf) ? cnt : sizeof (cbuf) - 1);
     69        if (LogTag && cnt < sizeof (cbuf) - 1)
     70                cnt += snprintf (cbuf + cnt, sizeof (cbuf) - cnt, "%s", LogTag);
     71        if (LogStatus & LOG_PID && cnt < sizeof (cbuf) - 1) {
    7672                rtems_id tid;
    7773                rtems_task_ident (RTEMS_SELF, 0, &tid);
    78                 cnt = sprintf (cp, "[%#lx]", (unsigned long)tid);
    79                 cp += cnt;
     74                cnt += snprintf (cbuf + cnt, sizeof (cbuf) - cnt, "[%#lx]", (unsigned long)tid);
    8075        }
    81         if (LogTag) {
    82                 *cp++ = ':';
    83                 *cp++ = ' ';
    84         }
    85         cnt = vsprintf (cp, fmt, ap);
    86         cnt += cp - cbuf;
    87         if (cbuf[cnt-1] == '\n')
     76        if (LogTag && cnt < sizeof (cbuf) - 1)
     77                cnt += snprintf (cbuf + cnt, sizeof (cbuf) - cnt, ": ");
     78        cnt += vsnprintf (cbuf + cnt, sizeof (cbuf) - cnt, fmt, ap);
     79        if (cnt > sizeof (cbuf) - 1)
     80                cnt = sizeof (cbuf) - 1;
     81        while (cnt > 0 && cbuf[cnt-1] == '\n')
    8882                cbuf[--cnt] = '\0';
    8983
Note: See TracChangeset for help on using the changeset viewer.