author | Nick Withers <nick.withers@anu.edu.au> | 2014-01-20 13:00:35 +1100 |
---|---|---|
committer | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2014-01-20 08:52:21 +0100 |
commit | a32f996b6041ed60aec7ecd23cb750e98ba56e4f (patch) | |
tree | c37188776453c391b514a6fd104faf15cc4a0984 /cpukit/libnetworking/lib/syslog.c | |
parent | testsuite/psx13: Add linefeed to end of test message. (diff) | |
Don't use unsafe buffer operations
Don't use unsafe buffer operations, averting (stack) buffer overflow
when the syslog message length (including Facility and Level encoding)
would exceed 199 characters
Diffstat (limited to 'cpukit/libnetworking/lib/syslog.c')
-rw-r--r-- | cpukit/libnetworking/lib/syslog.c | 30 |
1 files changed, 12 insertions, 18 deletions
diff --git a/cpukit/libnetworking/lib/syslog.c b/cpukit/libnetworking/lib/syslog.c
index c0e7270b77..066d7ab0e4 100644
--- a/cpukit/libnetworking/lib/syslog.c
+++ b/cpukit/libnetworking/lib/syslog.c
@@ -49,7 +49,6 @@ void
 vsyslog (int pri, const char *fmt, va_list ap)
 {
 int cnt;
- char *cp;
 char *msgp, cbuf[200];
 int sent;
@@ -65,26 +64,21 @@ vsyslog (int pri, const char *fmt, va_list ap)
 if ((pri & LOG_FACMASK) == 0)
 pri |= LogFacility;
- cnt = sprintf (cbuf, "<%d>", pri);
- cp = msgp = cbuf + cnt;
- if (LogTag) {
- const char *lp = LogTag;
- while ((*cp = *lp++) != '\0')
- cp++;
- }
- if (LogStatus & LOG_PID) {
+ cnt = snprintf (cbuf, sizeof (cbuf), "<%d>", pri);
+ msgp = cbuf + (cnt < sizeof (cbuf) ? cnt : sizeof (cbuf) - 1);
+ if (LogTag && cnt < sizeof (cbuf) - 1)
+ cnt += snprintf (cbuf + cnt, sizeof (cbuf) - cnt, "%s", LogTag);
+ if (LogStatus & LOG_PID && cnt < sizeof (cbuf) - 1) {
 rtems_id tid;
 rtems_task_ident (RTEMS_SELF, 0, &tid);
- cnt = sprintf (cp, "[%#lx]", (unsigned long)tid);
- cp += cnt;
- }
- if (LogTag) {
- *cp++ = ':';
- *cp++ = ' ';
+ cnt += snprintf (cbuf + cnt, sizeof (cbuf) - cnt, "[%#lx]", (unsigned long)tid);
 }
- cnt = vsprintf (cp, fmt, ap);
- cnt += cp - cbuf;
- if (cbuf[cnt-1] == '\n')
+ if (LogTag && cnt < sizeof (cbuf) - 1)
+ cnt += snprintf (cbuf + cnt, sizeof (cbuf) - cnt, ": ");
+ cnt += vsnprintf (cbuf + cnt, sizeof (cbuf) - cnt, fmt, ap);
+ if (cnt > sizeof (cbuf) - 1)
+ cnt = sizeof (cbuf) - 1;
+ while (cnt > 0 && cbuf[cnt-1] == '\n')
 cbuf[--cnt] = '\0';
 if (LogStatus & LOG_PERROR) |
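Review bot: The final `cnt += vsnprintf (cbuf + cnt, sizeof (cbuf) - cnt, fmt, ap);` in the second hunk is the only append without the `cnt < sizeof (cbuf) - 1` guard, so a write past the end of cbuf is still possible. snprintf returns the length it would have written, not the length stored, so once a long LogTag has been appended cnt can exceed sizeof (cbuf); `cbuf + cnt` then points past the array and `sizeof (cbuf) - cnt` wraps to a very large size_t. Guard this call like the other appends, for example with `if (cnt >= 0 && (size_t) cnt < sizeof (cbuf) - 1)` in front of it, or clamp cnt to `sizeof (cbuf) - 1` after every snprintf, which would also cover a negative return. How LogTag is set is not visible here (presumably by openlog), and vsyslog's body starts and ends outside the hunk.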