summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--changes/bug265226
-rw-r--r--src/lib/err/backtrace.c9
2 files changed, 9 insertions, 6 deletions
diff --git a/changes/bug26522 b/changes/bug26522
new file mode 100644
index 0000000000..c6b30eed79
--- /dev/null
+++ b/changes/bug26522
@@ -0,0 +1,6 @@
+ o Minor bugfixes (security):
+ - Refrain from potentially insecure usage of strncat() in
+ configure_backtrace_handler(). Use snprintf() instead.
+ Fixes bug 26522; bugfix on
+ a969ce464dc23db39725a891d60537f3d3e51b50 (not in any tor
+ release).
diff --git a/src/lib/err/backtrace.c b/src/lib/err/backtrace.c
index 5f5ecd3c37..d18a595c34 100644
--- a/src/lib/err/backtrace.c
+++ b/src/lib/err/backtrace.c
@@ -35,6 +35,7 @@
#include <errno.h>
#include <stdlib.h>
#include <string.h>
+#include <stdio.h>
#ifdef HAVE_CYGWIN_SIGNAL_H
#include <cygwin/signal.h>
@@ -264,16 +265,12 @@ dump_stack_symbols_to_error_fds(void)
int
configure_backtrace_handler(const char *tor_version)
{
- char version[128];
- strncpy(version, "Tor", sizeof(version)-1);
+ char version[128] = "Tor\0";
if (tor_version) {
- strncat(version, " ", sizeof(version)-1);
- strncat(version, tor_version, sizeof(version)-1);
+ snprintf(version, sizeof(version), "Tor %s", tor_version);
}
- version[sizeof(version) - 1] = 0;
-
return install_bt_handler(version);
}
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion