mirror of https://gerrit.osmocom.org/libosmocore
logging/gsmtap: fix buffer overflow in _gsmtap_raw_output()
According to the man page, vsnprintf() returns: - a negative value in case of error; - the number of characters written (excluding '\0'); - the number of characters which *would have been written* if enough space had been available (excluding '\0'). We need to detect if the output was truncated, and properly limit the amount of bytes to be reserved within a msgb. Change-Id: Ifa822edf900ed925ba935c54a28c797c4657358a
This commit is contained in:
parent
470221575d
commit
785ecc9e50
|
@ -102,6 +102,12 @@ static void _gsmtap_raw_output(struct log_target *target, int subsys,
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
msgb_free(msg);
|
msgb_free(msg);
|
||||||
return;
|
return;
|
||||||
|
} else if (rc >= msgb_tailroom(msg)) {
|
||||||
|
/* If the output was truncated, vsnprintf() returns the
|
||||||
|
* number of characters which would have been written
|
||||||
|
* if enough space had been available (excluding '\0'). */
|
||||||
|
rc = msgb_tailroom(msg);
|
||||||
|
msg->tail[rc - 1] = '\0';
|
||||||
}
|
}
|
||||||
msgb_put(msg, rc);
|
msgb_put(msg, rc);
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue