mirror of
https://repo.or.cz/socat.git
synced 2024-12-22 15:32:35 +00:00
Fixed possible buffer overrun with long log lines
This commit is contained in:
parent
0cfe39a413
commit
a86376cd1e
2 changed files with 7 additions and 0 deletions
6
CHANGES
6
CHANGES
|
@ -24,6 +24,12 @@ Corrections:
|
||||||
E retropts_int(): trailing garbage in numerical arg of option "protocol-family"
|
E retropts_int(): trailing garbage in numerical arg of option "protocol-family"
|
||||||
Test: IP_SENDTO_PF
|
Test: IP_SENDTO_PF
|
||||||
|
|
||||||
|
Fixed a possible buffer overrun with long log lines. In fact it does
|
||||||
|
not write beyond end of buffer but lets pass excessive data to the
|
||||||
|
write() function.
|
||||||
|
Thanks to Heinrich Schuchardt from Canonical for reporting and sending
|
||||||
|
a patch.
|
||||||
|
|
||||||
Features:
|
Features:
|
||||||
Total inactivity timeout option -T 0 now means 0.0 seconds; up to
|
Total inactivity timeout option -T 0 now means 0.0 seconds; up to
|
||||||
version 1.8.0.0 it meant no total inactivity timeout.
|
version 1.8.0.0 it meant no total inactivity timeout.
|
||||||
|
|
1
error.c
1
error.c
|
@ -404,6 +404,7 @@ void msg2(
|
||||||
if (bufp < buff+MSGLEN)
|
if (bufp < buff+MSGLEN)
|
||||||
*bufp++ = ' ';
|
*bufp++ = ' ';
|
||||||
strncpy(bufp, text, MSGLEN-(bufp-buff));
|
strncpy(bufp, text, MSGLEN-(bufp-buff));
|
||||||
|
bufp[MSGLEN-(bufp-buff)] = 0;
|
||||||
bufp = strchr(bufp, '\0');
|
bufp = strchr(bufp, '\0');
|
||||||
strcpy(bufp, "\n");
|
strcpy(bufp, "\n");
|
||||||
_msg(level, buff, syslp);
|
_msg(level, buff, syslp);
|
||||||
|
|
Loading…
Reference in a new issue