clarify why strlcpy is safe in truncated log messages

author Nick Mathewson <nickm@torproject.org>

Tue, 30 Nov 2004 06:15:06 +0000 (06:15 +0000)

committer Nick Mathewson <nickm@torproject.org>

Tue, 30 Nov 2004 06:15:06 +0000 (06:15 +0000)
author Nick Mathewson <nickm@torproject.org>
Tue, 30 Nov 2004 06:15:06 +0000 (06:15 +0000)
committer Nick Mathewson <nickm@torproject.org>
Tue, 30 Nov 2004 06:15:06 +0000 (06:15 +0000)
diff --git a/src/common/log.c b/src/common/log.c

index 4e5a69f1a68e379d83b164ced865e5a99e220b20..3a4f32e17607a5ede2b653e8fcc0f494b17ed7a9 100644 (file)
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -143,15 +143,14 @@ static INLINE char *format_msg(char *buf, size_t buf_len,
      /* The message was too long; overwrite the end of the buffer with
       * "[...truncated]" */
      if (buf_len >= TRUNCATED_STR_LEN) {
-      /* This is safe, since we have an extra character after buf_len
-         to hold the \0. */
-      strlcpy(buf+buf_len-TRUNCATED_STR_LEN, TRUNCATED_STR,
-              buf_len-(buf_len-TRUNCATED_STR_LEN-1));
+      int offset = buf_len-TRUNCATED_STR_LEN;
+      /* We have an extra 2 characters after buf_len to hold the \n\0,
+       * so it's safe to add 1 to the size here. */
+      strlcpy(buf+offset, TRUNCATED_STR, buf_len-offset+1);
      }
      /* Set 'n' to the end of the buffer, where we'll be writing \n\0.
       * Since we already subtracted 2 from buf_len, this is safe.*/
      n = buf_len;
-
    } else {
      n += r;
    }
author	Nick Mathewson <nickm@torproject.org>
	Tue, 30 Nov 2004 06:15:06 +0000 (06:15 +0000)
committer	Nick Mathewson <nickm@torproject.org>
	Tue, 30 Nov 2004 06:15:06 +0000 (06:15 +0000)