pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/libosmo-sccp/+/34463?usp=email )
Change subject: xua_msg: Implement xua_msg_dump() using OSMO_STRBUF ......................................................................
xua_msg: Implement xua_msg_dump() using OSMO_STRBUF
This fixes a buffer overflow when a big message (e.g. one containing long unitdata, LUDT) is passed.
Change-Id: I3f91586a96df2d683865715dabb4d6bc042fb33f --- M src/xua_msg.c 1 file changed, 19 insertions(+), 21 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/libosmo-sccp refs/changes/63/34463/1
diff --git a/src/xua_msg.c b/src/xua_msg.c
index 1df9abd..443b73e 100644
--- a/src/xua_msg.c
+++ b/src/xua_msg.c
@@ -511,37 +511,23 @@
 return 1;
 }
-static void append_to_buf(char *buf, bool *comma, const char *fmt, ...)
-{
- va_list ap;
-
- va_start(ap, fmt);
- if (!comma || *comma == true) {
- strcat(buf, ",");
- } else if (comma)
- *comma = true;
- vsprintf(buf+strlen(buf), fmt, ap);
- va_end(ap);
-}
-
 char *xua_msg_dump(struct xua_msg *xua, const struct xua_dialect *dialect)
 {
 static char buf[1024];
+ struct osmo_strbuf sb = { .buf = buf, .len = sizeof(buf) };
 struct xua_msg_part *part;
 const struct xua_msg_class *xmc = NULL;
- bool comma = false;
 if (dialect)
 xmc = dialect->class[xua->hdr.msg_class];
buf[0] = '\0';
- append_to_buf(buf, &comma, "HDR=(%s,V=%u,LEN=%u)",
- xua_hdr_dump(xua, dialect),
- xua->hdr.version, xua->hdr.msg_length);
+ OSMO_STRBUF_PRINTF(sb, "HDR=(%s,V=%u,LEN=%u)", xua_hdr_dump(xua, dialect),
+ xua->hdr.version, xua->hdr.msg_length);
llist_for_each_entry(part, &xua->headers, entry)
- append_to_buf(buf, NULL, " PART(T=%s,L=%u,D=%s)",
- xua_class_iei_name(xmc, part->tag), part->len,
- osmo_hexdump_nospc(part->dat, part->len));
- return buf;
+ OSMO_STRBUF_PRINTF(sb, ", PART(T=%s,L=%u,D=%s)",
+ xua_class_iei_name(xmc, part->tag), part->len,
+ osmo_hexdump_nospc(part->dat, part->len));
+ return sb.buf;
 }
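Review bot: With the bounded `OSMO_STRBUF_PRINTF` calls in `xua_msg_dump()`, a message whose dump does not fit in the 1024-byte static `buf` is now cut off silently, so someone reading the log cannot tell that trailing PART entries or hex data are missing. Consider marking that case before the return, e.g. `if (sb.chars_needed >= sizeof(buf)) memcpy(buf + sizeof(buf) - 4, "...", 4);`. The function also has no header comment; something like `/* Returns a pointer to a static buffer; output is truncated to sizeof(buf) and overwritten by the next call. */` would state the contract callers rely on. Only `src/xua_msg.c` appears in the diffstat, so a regression test that dumps a message with a part larger than the buffer presumably still needs to be added to pin the overflow fix.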