This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Vadim Yanitskiy gerrit-no-reply at lists.osmocom.orgVadim Yanitskiy has uploaded this change for review. ( https://gerrit.osmocom.org/12444 Change subject: logging/gsmtap: fix buffer overflow in _gsmtap_raw_output() ...................................................................... logging/gsmtap: fix buffer overflow in _gsmtap_raw_output() According to the man page, vsnprintf() returns: - a negative value in case of error; - the number of characters written (excluding '\0'); - the number of characters which *would have been written* if enough space had been available (excluding '\0'). We need to detect if the output was truncated, and properly limit the amount of bytes to be reserved within a msgb. Change-Id: Ifa822edf900ed925ba935c54a28c797c4657358a --- M src/logging_gsmtap.c 1 file changed, 6 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/44/12444/1 diff --git a/src/logging_gsmtap.c b/src/logging_gsmtap.c index f17f292..98d2aad 100644 --- a/src/logging_gsmtap.c +++ b/src/logging_gsmtap.c @@ -102,6 +102,12 @@ if (rc < 0) { msgb_free(msg); return; + } else if (rc >= msgb_tailroom(msg)) { + /* If the output was truncated, vsnprintf() returns the + * number of characters which would have been written + * if enough space had been available (excluding '\0'). */ + rc = msgb_tailroom(msg); + msg->tail[rc - 1] = '\0'; } msgb_put(msg, rc); -- To view, visit https://gerrit.osmocom.org/12444 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: libosmocore Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: Ifa822edf900ed925ba935c54a28c797c4657358a Gerrit-Change-Number: 12444 Gerrit-PatchSet: 1 Gerrit-Owner: Vadim Yanitskiy <axilirator at gmail.com> -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20181228/04708512/attachment.htm>