This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Harald Welte gerrit-no-reply at lists.osmocom.orgHarald Welte has submitted this change and it was merged. ( https://gerrit.osmocom.org/12444 )
Change subject: logging/gsmtap: fix buffer overflow in _gsmtap_raw_output()
......................................................................
logging/gsmtap: fix buffer overflow in _gsmtap_raw_output()
According to the man page, vsnprintf() returns:
- a negative value in case of error;
- the number of characters written (excluding '\0');
- the number of characters which *would have been written*
if enough space had been available (excluding '\0').
We need to detect if the output was truncated, and properly
limit the amount of bytes to be reserved within a msgb.
Change-Id: Ifa822edf900ed925ba935c54a28c797c4657358a
---
M src/logging_gsmtap.c
1 file changed, 6 insertions(+), 0 deletions(-)
Approvals:
Jenkins Builder: Verified
Pau Espin Pedrol: Looks good to me, but someone else must approve
Harald Welte: Looks good to me, approved
diff --git a/src/logging_gsmtap.c b/src/logging_gsmtap.c
index f17f292..98d2aad 100644
--- a/src/logging_gsmtap.c
+++ b/src/logging_gsmtap.c
@@ -102,6 +102,12 @@
if (rc < 0) {
msgb_free(msg);
return;
+ } else if (rc >= msgb_tailroom(msg)) {
+ /* If the output was truncated, vsnprintf() returns the
+ * number of characters which would have been written
+ * if enough space had been available (excluding '\0'). */
+ rc = msgb_tailroom(msg);
+ msg->tail[rc - 1] = '\0';
}
msgb_put(msg, rc);
--
To view, visit https://gerrit.osmocom.org/12444
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: Ifa822edf900ed925ba935c54a28c797c4657358a
Gerrit-Change-Number: 12444
Gerrit-PatchSet: 1
Gerrit-Owner: Vadim Yanitskiy <axilirator at gmail.com>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder (1000002)
Gerrit-Reviewer: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: Pau Espin Pedrol <pespin at sysmocom.de>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20181229/99389e18/attachment.htm>