From 94b88276fbdc14e945a5f37618052725e78a7521 Mon Sep 17 00:00:00 2001 From: Nikolai Kondrashov Date: Tue, 3 Feb 2015 12:10:52 +0100 Subject: [PATCH] log: Check message buffer length to avoid overflow Check that adding strlcpy result to the message length didn't exceed size of the message buffer to avoid underflow in calculating remaining size and overflowing the buffer. --- src/main/log.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/log.c b/src/main/log.c index 7470897df6..16d3fafd7f 100644 --- a/src/main/log.c +++ b/src/main/log.c @@ -311,6 +311,8 @@ void radlog_request(int lvl, int priority, REQUEST *request, const char *msg, .. if (len < sizeof(buffer)) { len += strlcpy(buffer + len, fr_int2str(levels, (lvl & ~L_CONS), ": "), sizeof(buffer) - len); + if (len >= sizeof(buffer)) + len = sizeof(buffer) - 1; } } -- 2.47.2