diff options
| author | Michał Łyszczek <michal.lyszczek@bofc.pl> | 2019-06-08 22:08:39 +0200 |
|---|---|---|
| committer | Michał Łyszczek <michal.lyszczek@bofc.pl> | 2019-06-08 22:39:42 +0200 |
| commit | 09a3a1cc5687ca5caca82b2e23ffafb5155a10f1 (patch) | |
| tree | 1cb193a1d9125837821b222df634e804adefb8c8 | |
| parent | c6dc7438cd28d91d011fcf74483961b41f69bfd1 (diff) | |
| download | embedlog-09a3a1cc5687ca5caca82b2e23ffafb5155a10f1.tar.gz embedlog-09a3a1cc5687ca5caca82b2e23ffafb5155a10f1.tar.bz2 embedlog-09a3a1cc5687ca5caca82b2e23ffafb5155a10f1.zip | |
src/el-print.c: fix possible buffer overflow in el_print()
In case when message, finfo and colors are enabled and are full
(their text is as long as defined max values) it was possible to
overflow buffer. Very rare situation but surely it will happend,
to someone one day. Not anymore, it won't.
Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
| -rw-r--r-- | src/el-print.c | 11 | ||||
| -rw-r--r-- | src/el-private.h | 10 | ||||
| -rw-r--r-- | tst/test-el-print.c | 13 |
3 files changed, 29 insertions, 5 deletions
diff --git a/src/el-print.c b/src/el-print.c index 9db5f6f..2236c08 100644 --- a/src/el-print.c +++ b/src/el-print.c @@ -246,11 +246,20 @@ static size_t el_finfo return 0; } + if (num > EL_PRE_FINFO_LINE_MAX_NUM) + { + /* line number is too large and may overflow buffer, limit + * it to max value + */ + + num = EL_PRE_FINFO_LINE_MAX_NUM; + } + base = el_basename(file); buf[0] = '['; buf[1] = '\0'; - strncat(buf, base, EL_PRE_FINFO_LEN); + strncat(buf, base, EL_FLEN_MAX); fl = strlen(buf); fl += sprintf(buf + fl, ":%d]", num); diff --git a/src/el-private.h b/src/el-private.h index e81d61c..91adb67 100644 --- a/src/el-private.h +++ b/src/el-private.h @@ -162,6 +162,16 @@ extern struct el_options g_options; /* ========================================================================== + Numerical limit of line max, its stringified strlen() should not exceed + EL_PRE_FINFO_LINE_MAX_LEN. So if EL_PRE_FINFO_LINE_MAX_LEN is 2, best to + define it to 99, when 5 -> 99999. + ========================================================================== */ + + +#define EL_PRE_FINFO_LINE_MAX_NUM 9999999l + + +/* ========================================================================== maximum file info length. File info is a part with file name and line number, it looks like this diff --git a/tst/test-el-print.c b/tst/test-el-print.c index 2af6c92..2067a91 100644 --- a/tst/test-el-print.c +++ b/tst/test-el-print.c @@ -300,7 +300,7 @@ static int print_check(void) tmp[i] = '\0'; strcpy(expected_file, expected.file); - if (strcmp(tmp, basename(expected_file)) != 0) + if (strncmp(tmp, basename(expected_file), EL_FLEN_MAX) != 0) { /* * file name in printed log is different than what we set @@ -334,6 +334,11 @@ static int print_check(void) msg++; /* skip ']' character */ tmp[i] = '\0'; + if (expected.line > EL_PRE_FINFO_LINE_MAX_NUM) + { + expected.line = EL_PRE_FINFO_LINE_MAX_NUM; + } + if ((size_t)atoi(tmp) != expected.line) { /* @@ -932,8 +937,8 @@ static void print_truncate_with_date(void) static void print_truncate_with_all_options(void) { char msg[EL_LOG_MAX + 3]; - char finfo[EL_FLEN_MAX + 1]; - char prefix[EL_PREFIX_MAX + 1]; + char finfo[EL_FLEN_MAX + 3]; + char prefix[EL_PREFIX_MAX + 3]; size_t fline; /*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ @@ -950,7 +955,7 @@ static void print_truncate_with_all_options(void) memset(prefix, 'c', sizeof(prefix)); finfo[sizeof(finfo) - 1] = '\0'; prefix[sizeof(prefix) - 1] = '\0'; - fline = (size_t)pow(10, EL_PRE_FINFO_LINE_MAX_LEN) - 1; + fline = (size_t)pow(10, EL_PRE_FINFO_LINE_MAX_LEN + 2) - 1; msg[sizeof(msg) - 1] = '\0'; msg[sizeof(msg) - 2] = '3'; msg[sizeof(msg) - 3] = '2'; |