Added patch for bufferoverflow in logger
This commit is contained in:
Sebastian
parent
f118b4545f
commit
556daa9eca
2 changed files with 50 additions and 0 deletions
49
MMDVMHost/0004-fix-bufferoverflow.patch
Normal file
49
MMDVMHost/0004-fix-bufferoverflow.patch
Normal file
|
|
@ -0,0 +1,49 @@
|
||||||
|
commit bab1b2ca3c80dc97cfeec23df291064147e4c013
|
||||||
|
Author: Rick Altherr <kc8apf@kc8apf.net>
|
||||||
|
Date: Mon Jun 24 15:21:42 2024 -0700
|
||||||
|
|
||||||
|
Fix buffer overflow in Log
|
||||||
|
|
||||||
|
Log line prefix is written to the buffer before the log message. While
|
||||||
|
the buffer start was being adjusted when writing the log message via
|
||||||
|
vsnprintf(), the buffer size was not. This would allow a log message to
|
||||||
|
write past the end of the stack-allocated buffer.
|
||||||
|
|
||||||
|
diff --git a/Log.cpp b/Log.cpp
|
||||||
|
index 752601e..9c94b0f 100644
|
||||||
|
--- a/Log.cpp
|
||||||
|
+++ b/Log.cpp
|
||||||
|
@@ -149,25 +149,29 @@ void Log(unsigned int level, const char* fmt, ...)
|
||||||
|
{
|
||||||
|
assert(fmt != NULL);
|
||||||
|
|
||||||
|
- char buffer[501U];
|
||||||
|
+ size_t buffer_len = 501U;
|
||||||
|
+ char buffer[buffer_len];
|
||||||
|
+ int count;
|
||||||
|
#if defined(_WIN32) || defined(_WIN64)
|
||||||
|
SYSTEMTIME st;
|
||||||
|
::GetSystemTime(&st);
|
||||||
|
|
||||||
|
- ::sprintf(buffer, "%c: %04u-%02u-%02u %02u:%02u:%02u.%03u ", LEVELS[level], st.wYear, st.wMonth, st.wDay, st.wHour, st.wMinute, st.wSecond, st.wMilliseconds);
|
||||||
|
+ count = ::snprintf(buffer, buffer_len, "%c: %04u-%02u-%02u %02u:%02u:%02u.%03u ", LEVELS[level], st.wYear, st.wMonth, st.wDay, st.wHour, st.wMinute, st.wSecond, st.wMilliseconds);
|
||||||
|
#else
|
||||||
|
struct timeval now;
|
||||||
|
::gettimeofday(&now, NULL);
|
||||||
|
|
||||||
|
struct tm* tm = ::gmtime(&now.tv_sec);
|
||||||
|
|
||||||
|
- ::sprintf(buffer, "%c: %04d-%02d-%02d %02d:%02d:%02d.%03lld ", LEVELS[level], tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, now.tv_usec / 1000LL);
|
||||||
|
+ count = ::snprintf(buffer, buffer_len, "%c: %04d-%02d-%02d %02d:%02d:%02d.%03lld ", LEVELS[level], tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, now.tv_usec / 1000LL);
|
||||||
|
#endif
|
||||||
|
+ assert(count >= 0);
|
||||||
|
+ buffer_len -= count;
|
||||||
|
|
||||||
|
va_list vl;
|
||||||
|
va_start(vl, fmt);
|
||||||
|
|
||||||
|
- ::vsnprintf(buffer + ::strlen(buffer), 500, fmt, vl);
|
||||||
|
+ ::vsnprintf(buffer + count, buffer_len, fmt, vl);
|
||||||
|
|
||||||
|
va_end(vl);
|
||||||
|
|
||||||
|
|
@ -15,6 +15,7 @@ stdenv.mkDerivation {
|
||||||
./0001-patch-install-path.patch
|
./0001-patch-install-path.patch
|
||||||
./0002-fix-missing-include.patch
|
./0002-fix-missing-include.patch
|
||||||
./0003-fix-null-controller.patch
|
./0003-fix-null-controller.patch
|
||||||
|
./0004-fix-bufferoverflow.patch
|
||||||
];
|
];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue