authorteor <teor@torproject.org>2019-09-03 15:50:37 +1000
committerteor <teor@torproject.org>2019-09-04 13:51:22 +1000
commitf311d0676caad1c61a4dbf8fffbeb79003866903 (patch)
tree30729eaed6c0477d9621ea5da377472734971640
parentc55591825fedb0fe1db92fab7b654ccc15ad50d3 (diff)
backtrace: Check the return values of snprintf() and strncpy()
We can't use strlcat() or strlcpy() in torerr, because they are defined in string/compat_string.h on some platforms, and string uses torerr. Part of 31571.
-rw-r--r--src/lib/err/backtrace.c16
1 files changed, 14 insertions, 2 deletions
diff --git a/src/lib/err/backtrace.c b/src/lib/err/backtrace.c
index a4d8269c6a..8606f42177 100644
--- a/src/lib/err/backtrace.c
+++ b/src/lib/err/backtrace.c
@@ -276,11 +276,23 @@ configure_backtrace_handler(const char *tor_version)
char version[128] = "Tor\0";
if (tor_version) {
- snprintf(version, sizeof(version), "Tor %s", tor_version);
+ int snp_rv = 0;
+ /* We can't use strlcat() here, because it is defined in
+ * string/compat_string.h on some platforms, and string uses torerr. */
+ snp_rv = snprintf(version, sizeof(version), "Tor %s", tor_version);
+ /* It's safe to call raw_assert() here, because raw_assert() does not
+ * call configure_backtrace_handler(). */
+ raw_assert(snp_rv < (int)sizeof(version));
+ raw_assert(snp_rv >= 0);
}
- strncpy(bt_version, version, sizeof(bt_version) - 1);
+ char *str_rv = NULL;
+ /* We can't use strlcpy() here, see the note about strlcat() above. */
+ str_rv = strncpy(bt_version, version, sizeof(bt_version) - 1);
+ /* We must terminate bt_version, then raw_assert(), because raw_assert()
+ * uses bt_version. */
bt_version[sizeof(bt_version) - 1] = 0;
+ raw_assert(str_rv == bt_version);
return install_bt_handler();
}
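Review bot: The added `raw_assert(str_rv == bt_version);` can never fail, because strncpy() always returns its destination pointer, so the copy into bt_version is still not checked for truncation. If bt_version is smaller than the 128-byte `version` buffer (its declaration is outside this hunk, as is the start of configure_backtrace_handler()), the string is cut silently, and the new comment says raw_assert() reports with this very string. A length check placed after the terminator is written would catch that: `raw_assert(strlen(version) < sizeof(bt_version));`. The two snprintf() asserts also run before bt_version is filled in, so a failure there is reported with whatever bt_version held on entry; a one-line comment noting this would help the next reader.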