From: rl1987
Date: Tue, 3 Jul 2018 10:36:15 +0000 (+0300)
Subject: Refrain from potentially insecure usage of strncat()
X-Git-Tag: tor-0.3.5.1-alpha~266^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d0525c38d607504aee4ab8451d4651c2668997c0;p=thirdparty%2Ftor.git
Refrain from potentially insecure usage of strncat()
---
diff --git a/changes/bug26522 b/changes/bug26522
new file mode 100644
index 0000000000..c6b30eed79
--- /dev/null
+++ b/changes/bug26522
@@ -0,0 +1,6 @@
+ o Minor bugfixes (security):
+ - Refrain from potentially insecure usage of strncat() in
+ configure_backtrace_handler(). Use snprintf() instead.
+ Fixes bug 26522; bugfix on
+ a969ce464dc23db39725a891d60537f3d3e51b50 (not in any tor
+ release).
diff --git a/src/lib/err/backtrace.c b/src/lib/err/backtrace.c
index 5f5ecd3c37..d18a595c34 100644
--- a/src/lib/err/backtrace.c
+++ b/src/lib/err/backtrace.c
@@ -35,6 +35,7 @@
 #include
 #include
 #include
+#include
 #ifdef HAVE_CYGWIN_SIGNAL_H
 #include
@@ -264,16 +265,12 @@ dump_stack_symbols_to_error_fds(void)
 int
 configure_backtrace_handler(const char *tor_version)
 {
- char version[128];
- strncpy(version, "Tor", sizeof(version)-1);
+ char version[128] = "Tor\0";
 if (tor_version) {
- strncat(version, " ", sizeof(version)-1);
- strncat(version, tor_version, sizeof(version)-1);
+ snprintf(version, sizeof(version), "Tor %s", tor_version);
 }
- version[sizeof(version) - 1] = 0;
-
 return install_bt_handler(version);
 }
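Review bot: The `snprintf()` call in `configure_backtrace_handler()` ignores its return value, so an over-long `tor_version` is truncated silently, and a negative (error) return may leave `version` in an unspecified state before it reaches `install_bt_handler()`. Truncation is memory-safe and probably acceptable for a crash banner, but the intent should be recorded, e.g. `/* snprintf() truncates and NUL-terminates; a shortened version string is acceptable here. */`, or the result checked with `if (n < 0 || (size_t)n >= sizeof(version))` and a fallback to plain `"Tor"`. The commit also drops the explicit `version[sizeof(version) - 1] = 0;`, so termination now depends on `snprintf()` being C99-conformant; whether every supported build target guarantees that is not visible from this hunk. The `\0` in the initializer `"Tor\0"` is redundant, because the literal is already terminated and the rest of the array is zero-filled.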