mirror of https://gerrit.osmocom.org/libosmocore
logging/gsmtap: fix buffer overflow in _gsmtap_raw_output()
According to the man page, vsnprintf() returns: - a negative value in case of error; - the number of characters written (excluding '\0'); - the number of characters which *would have been written* if enough space had been available (excluding '\0'). We need to detect if the output was truncated, and properly limit the amount of bytes to be reserved within a msgb. Change-Id: Ifa822edf900ed925ba935c54a28c797c4657358a
This commit is contained in:
parent
470221575d
commit
785ecc9e50
|
@ -102,6 +102,12 @@ static void _gsmtap_raw_output(struct log_target *target, int subsys,
|
|||
if (rc < 0) {
|
||||
msgb_free(msg);
|
||||
return;
|
||||
} else if (rc >= msgb_tailroom(msg)) {
|
||||
/* If the output was truncated, vsnprintf() returns the
|
||||
* number of characters which would have been written
|
||||
* if enough space had been available (excluding '\0'). */
|
||||
rc = msgb_tailroom(msg);
|
||||
msg->tail[rc - 1] = '\0';
|
||||
}
|
||||
msgb_put(msg, rc);
|
||||
|
||||
|
|
Loading…
Reference in New Issue