[rtems commit] Don't use unsafe buffer operations
Sebastian Huber
sebh at rtems.org
Mon Jan 20 07:54:04 UTC 2014
Module: rtems
Branch: master
Commit: a32f996b6041ed60aec7ecd23cb750e98ba56e4f
Changeset: http://git.rtems.org/rtems/commit/?id=a32f996b6041ed60aec7ecd23cb750e98ba56e4f
Author: Nick Withers <nick.withers at anu.edu.au>
Date: Mon Jan 20 13:00:35 2014 +1100
Don't use unsafe buffer operations
Don't use unsafe buffer operations, averting (stack) buffer overflow
when the syslog message length (including Facility and Level encoding)
would exceed 199 characters
---
cpukit/libnetworking/lib/syslog.c | 30 ++++++++++++------------------
1 files changed, 12 insertions(+), 18 deletions(-)
diff --git a/cpukit/libnetworking/lib/syslog.c b/cpukit/libnetworking/lib/syslog.c
index c0e7270..066d7ab 100644
--- a/cpukit/libnetworking/lib/syslog.c
+++ b/cpukit/libnetworking/lib/syslog.c
@@ -49,7 +49,6 @@ void
vsyslog (int pri, const char *fmt, va_list ap)
{
int cnt;
- char *cp;
char *msgp, cbuf[200];
int sent;
@@ -65,26 +64,21 @@ vsyslog (int pri, const char *fmt, va_list ap)
if ((pri & LOG_FACMASK) == 0)
pri |= LogFacility;
- cnt = sprintf (cbuf, "<%d>", pri);
- cp = msgp = cbuf + cnt;
- if (LogTag) {
- const char *lp = LogTag;
- while ((*cp = *lp++) != '\0')
- cp++;
- }
- if (LogStatus & LOG_PID) {
+ cnt = snprintf (cbuf, sizeof (cbuf), "<%d>", pri);
+ msgp = cbuf + (cnt < sizeof (cbuf) ? cnt : sizeof (cbuf) - 1);
+ if (LogTag && cnt < sizeof (cbuf) - 1)
+ cnt += snprintf (cbuf + cnt, sizeof (cbuf) - cnt, "%s", LogTag);
+ if (LogStatus & LOG_PID && cnt < sizeof (cbuf) - 1) {
rtems_id tid;
rtems_task_ident (RTEMS_SELF, 0, &tid);
- cnt = sprintf (cp, "[%#lx]", (unsigned long)tid);
- cp += cnt;
- }
- if (LogTag) {
- *cp++ = ':';
- *cp++ = ' ';
+ cnt += snprintf (cbuf + cnt, sizeof (cbuf) - cnt, "[%#lx]", (unsigned long)tid);
}
- cnt = vsprintf (cp, fmt, ap);
- cnt += cp - cbuf;
- if (cbuf[cnt-1] == '\n')
+ if (LogTag && cnt < sizeof (cbuf) - 1)
+ cnt += snprintf (cbuf + cnt, sizeof (cbuf) - cnt, ": ");
+ cnt += vsnprintf (cbuf + cnt, sizeof (cbuf) - cnt, fmt, ap);
+ if (cnt > sizeof (cbuf) - 1)
+ cnt = sizeof (cbuf) - 1;
+ while (cnt > 0 && cbuf[cnt-1] == '\n')
cbuf[--cnt] = '\0';
if (LogStatus & LOG_PERROR)
More information about the vc
mailing list