log: Check message buffer length to avoid overflow

Check that adding strlcpy result to the message length didn't exceed
size of the message buffer to avoid underflow in calculating remaining
size and overflowing the buffer.

diff --git a/src/main/log.c b/src/main/log.c
index 7470897df68b45bcb000d406005eb5f329b01666..16d3fafd7fa4b49624fa45459db6907182c4ce27 100644 (file)
--- a/src/main/log.c
+++ b/src/main/log.c
@@ -311,6 +311,8 @@ void radlog_request(int lvl, int priority, REQUEST *request, const char *msg, ..
 
                if (len < sizeof(buffer)) {
                        len += strlcpy(buffer + len, fr_int2str(levels, (lvl & ~L_CONS), ": "), sizeof(buffer) - len);
+                       if (len >= sizeof(buffer))
+                               len = sizeof(buffer) - 1;
                }
        }