summaryrefslogtreecommitdiff
path: root/src/common/log.c
diff options
context:
space:
mode:
authorRobert Ransom <rransom.8774@gmail.com>2011-02-04 05:50:44 -0800
committerRobert Ransom <rransom.8774@gmail.com>2011-02-04 05:50:44 -0800
commit0ab8b7c0f22bd45d7108ce0185e027cd8e469593 (patch)
tree2058f800e1b091916de6be3dec689c9499d0da02 /src/common/log.c
parent89ee779f928af4ad31ad6d45936c6a386e263584 (diff)
downloadtor-0ab8b7c0f22bd45d7108ce0185e027cd8e469593.tar.gz
tor-0ab8b7c0f22bd45d7108ce0185e027cd8e469593.zip
Thou shalt not overflow even stupidly small buffers
Diffstat (limited to 'src/common/log.c')
-rw-r--r--src/common/log.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/common/log.c b/src/common/log.c
index f58b05b1bf..4b21fd9166 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -223,21 +223,31 @@ format_msg(char *buf, size_t buf_len,
size_t n;
int r;
char *end_of_prefix;
+ char *buf_end;
assert(buf_len >= 16); /* prevent integer underflow and general stupidity */
buf_len -= 2; /* subtract 2 characters so we have room for \n\0 */
+ buf_end = buf+buf_len; /* point *after* the last char we can write to */
n = _log_prefix(buf, buf_len, severity);
end_of_prefix = buf+n;
if (log_domains_are_logged) {
char *cp = buf+n;
+ if (cp == buf_end) goto format_msg_no_room_for_domains;
*cp++ = '{';
+ if (cp == buf_end) goto format_msg_no_room_for_domains;
cp = domain_to_string(domain, cp, (buf+buf_len-cp));
+ if (cp == buf_end) goto format_msg_no_room_for_domains;
*cp++ = '}';
+ if (cp == buf_end) goto format_msg_no_room_for_domains;
*cp++ = ' ';
+ if (cp == buf_end) goto format_msg_no_room_for_domains;
end_of_prefix = cp;
n = cp-buf;
+ format_msg_no_room_for_domains:
+ /* This will leave end_of_prefix and n unchanged, and thus cause
+ * whatever log domain string we had written to be clobbered. */
}
if (funcname && should_log_function_name(domain, severity)) {