From a86376cd1e13760eb1ef56d048c37d7532b98d68 Mon Sep 17 00:00:00 2001 From: Gerhard Rieger Date: Mon, 29 Jul 2024 02:26:14 +0200 Subject: [PATCH] Fixed possible buffer overrun with long log lines --- CHANGES | 6 ++++++ error.c | 1 + 2 files changed, 7 insertions(+) diff --git a/CHANGES b/CHANGES index 74add19..f3423b7 100644 --- a/CHANGES +++ b/CHANGES @@ -24,6 +24,12 @@ Corrections: E retropts_int(): trailing garbage in numerical arg of option "protocol-family" Test: IP_SENDTO_PF + Fixed a possible buffer overrun with long log lines. In fact it does + not write beyond end of buffer but lets pass excessive data to the + write() function. + Thanks to Heinrich Schuchardt from Canonical for reporting and sending + a patch. + Features: Total inactivity timeout option -T 0 now means 0.0 seconds; up to version 1.8.0.0 it meant no total inactivity timeout. diff --git a/error.c b/error.c index d0a2a9e..3435046 100644 --- a/error.c +++ b/error.c @@ -404,6 +404,7 @@ void msg2( if (bufp < buff+MSGLEN) *bufp++ = ' '; strncpy(bufp, text, MSGLEN-(bufp-buff)); + bufp[MSGLEN-(bufp-buff)] = 0; bufp = strchr(bufp, '\0'); strcpy(bufp, "\n"); _msg(level, buff, syslp);
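Review bot: The added terminator `bufp[MSGLEN-(bufp-buff)] = 0;` in error.c always resolves to `buff[MSGLEN]`, so it is in bounds only if `buff` is declared with more than MSGLEN bytes, and that declaration is outside this hunk. The `strcpy(bufp, "\n")` two lines later can then put the newline at `buff[MSGLEN]` and its NUL at `buff[MSGLEN+1]` when `text` fills the remaining space, so the array needs at least MSGLEN+2 bytes; please confirm this against the declaration. Writing the line as `buff[MSGLEN] = '\0';  /* strncpy() leaves the buffer unterminated when text fills the remaining space */` would make the fixed index and the reason for it visible. The body of msg2 starts and ends outside the hunk, so the lower bound of `bufp-buff` at this point cannot be checked from here.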