Address overrun in remove_old_tsversions

If too many versions of log / dnstap files to be saved where requests
the memory after to_keep could be overwritten.  Force the number of
versions to be saved to a save level.  Additionally the memmove length
was incorrect.

(cherry picked from commit 6ca78bc57dece45029ee56a73161db7b68140286)

diff --git a/lib/isc/log.c b/lib/isc/log.c
index fcf387e94e7e49335b1881540bb22885cfd25eb9..f43fb66978d5a04b18887f7ead8f224f60fb4071 100644 (file)
--- a/lib/isc/log.c
+++ b/lib/isc/log.c
@@ -1153,10 +1153,13 @@ remove_old_tsversions(isc_logfile_t *file, int versions) {
        }
 
        if (versions > 0) {
+               if (versions > ISC_LOG_MAX_VERSIONS) {
+                       versions = ISC_LOG_MAX_VERSIONS;
+               }
                /*
                 * First we fill 'to_keep' structure using insertion sort
                 */
-               memset(to_keep, 0, versions * sizeof(long long));
+               memset(to_keep, 0, sizeof(to_keep));
                while (isc_dir_read(&dir) == ISC_R_SUCCESS) {
                        if (dir.entry.length > bnamelen &&
                            strncmp(dir.entry.name, bname, bnamelen) == 0 &&
@@ -1173,9 +1176,8 @@ remove_old_tsversions(isc_logfile_t *file, int versions) {
                                        if (i < versions) {
                                                memmove(&to_keep[i + 1],
                                                        &to_keep[i],
-                                                       sizeof(long long) *
-                                                                       versions -
-                                                               i - 1);
+                                                       sizeof(to_keep[0]) *
+                                                       (versions - i - 1));
                                                to_keep[i] = version;
                                        }
                                }