Fixed possible buffer overrun with long log lines

Gerhard Rieger 2024-07-29 02:26:14 +02:00
parent 0cfe39a413
commit a86376cd1e
2 changed files with 7 additions and 0 deletions


@ -24,6 +24,12 @@ Corrections:
E retropts_int(): trailing garbage in numerical arg of option "protocol-family" E retropts_int(): trailing garbage in numerical arg of option "protocol-family"
Test: IP_SENDTO_PF Test: IP_SENDTO_PF
Fixed a possible buffer overrun with long log lines. In fact it does
not write beyond end of buffer but lets pass excessive data to the
write() function.
Thanks to Heinrich Schuchardt from Canonical for reporting and sending
a patch.
Features: Features:
Total inactivity timeout option -T 0 now means 0.0 seconds; up to Total inactivity timeout option -T 0 now means 0.0 seconds; up to
version 1.8.0.0 it meant no total inactivity timeout. version 1.8.0.0 it meant no total inactivity timeout.
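
Review bot: The new entry under "Corrections:" (the five added lines before "Features:") has no "Test:" line, while the entry just above it names IP_SENDTO_PF. If a regression test with an overlong log line exists or can be added, reference it here. The wording could also be tightened: the entry itself says nothing is written beyond the end of the buffer and that excessive data is passed to write(), so describing it as a missing string terminator that makes the logger read past the buffer would match the text better than "buffer overrun". Naming the affected function, msg2(), would help readers find the change.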


@ -404,6 +404,7 @@ void msg2(
if (bufp < buff+MSGLEN) if (bufp < buff+MSGLEN)
*bufp++ = ' '; *bufp++ = ' ';
strncpy(bufp, text, MSGLEN-(bufp-buff)); strncpy(bufp, text, MSGLEN-(bufp-buff));
bufp[MSGLEN-(bufp-buff)] = 0;
bufp = strchr(bufp, '\0'); bufp = strchr(bufp, '\0');
strcpy(bufp, "\n"); strcpy(bufp, "\n");
_msg(level, buff, syslp); _msg(level, buff, syslp);
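
Review bot: The added terminator in msg2(), "bufp[MSGLEN-(bufp-buff)] = 0;", always resolves to buff[MSGLEN], so writing it as "buff[MSGLEN] = 0;" would be easier to verify, and it depends on buff having room beyond MSGLEN, which this hunk does not show. With the text truncated at the limit, the following strcpy(bufp, "\n") writes to buff[MSGLEN] and buff[MSGLEN+1], so the declaration needs at least MSGLEN+2 bytes; please confirm that. A one-line comment that strncpy() leaves the destination unterminated when text fills the remaining space would explain why the line is needed. The length MSGLEN-(bufp-buff) also goes negative if bufp can ever exceed buff+MSGLEN before this point, so it is worth checking the code above the hunk guarantees it cannot.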