author | rl1987 <rl1987@sdf.lonestar.org> | 2018-07-03 13:36:15 +0300 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-07-03 11:34:14 -0400 |
commit | d0525c38d607504aee4ab8451d4651c2668997c0 (patch) | |
tree | 43b1c18d449aad972ffe3a8d84fd74c6440fd6ff | |
parent | a9628c0c0b2cc5c0286c4e49591b3b18dc054e87 (diff) | |
Refrain from potentially insecure usage of strncat()
-rw-r--r-- | changes/bug26522 | 6 | ||||
-rw-r--r-- | src/lib/err/backtrace.c | 9 |
2 files changed, 9 insertions, 6 deletions
diff --git a/changes/bug26522 b/changes/bug26522
new file mode 100644
index 0000000000..c6b30eed79
--- /dev/null
+++ b/changes/bug26522
@@ -0,0 +1,6 @@
+ o Minor bugfixes (security):
+ - Refrain from potentially insecure usage of strncat() in
+ configure_backtrace_handler(). Use snprintf() instead.
+ Fixes bug 26522; bugfix on
+ a969ce464dc23db39725a891d60537f3d3e51b50 (not in any tor
+ release).
diff --git a/src/lib/err/backtrace.c b/src/lib/err/backtrace.c
index 5f5ecd3c37..d18a595c34 100644
--- a/src/lib/err/backtrace.c
+++ b/src/lib/err/backtrace.c
@@ -35,6 +35,7 @@
 #include <errno.h>
 #include <stdlib.h>
 #include <string.h>
+#include <stdio.h>
 #ifdef HAVE_CYGWIN_SIGNAL_H
 #include <cygwin/signal.h>
@@ -264,16 +265,12 @@ dump_stack_symbols_to_error_fds(void)
 int
 configure_backtrace_handler(const char *tor_version)
 {
- char version[128];
- strncpy(version, "Tor", sizeof(version)-1);
+ char version[128] = "Tor\0";
 if (tor_version) {
- strncat(version, " ", sizeof(version)-1);
- strncat(version, tor_version, sizeof(version)-1);
+ snprintf(version, sizeof(version), "Tor %s", tor_version);
 }
- version[sizeof(version) - 1] = 0;
-
 return install_bt_handler(version);
 }
|
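Review bot: The `snprintf()` call in `configure_backtrace_handler()` discards its return value, so a `tor_version` longer than the 123 bytes that fit after `"Tor "` in `version[128]` is cut off without any indication. That is memory-safe, since `snprintf()` never writes past `sizeof(version)` and always NUL-terminates, but the intent should be recorded next to the call, for example `/* snprintf() bounds and NUL-terminates; an over-long tor_version is truncated. */`. The initializer `"Tor\0"` also carries a redundant explicit terminator: the literal is already NUL-terminated and the rest of the array is zero-filled, so `char version[128] = "Tor";` is equivalent and reads more clearly.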