summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAleksander Adamowski <olo@fb.com>2016-01-11 15:26:41 -0800
committerAleksander Adamowski <olo@fb.com>2016-01-11 15:26:41 -0800
commit13f5402c6b734ed4c2b3e8b7c3d3bf6d815e7661 (patch)
tree06b8adcf6e38d7eb7f05f1b5f556f05c1a26a73b
parenta41a7181c9af8f9ac93a85a2cf133294dd202c8e (diff)
Fix miscalculated buffer size and uses of size-unlimited sprintf()
function. Not sure if this results in an exploitable buffer overflow, probably not since the the int value is likely sanitized somewhere earlier and it's being put through a bit mask shortly before being used.
-rw-r--r--src/journal/journald-syslog.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c
index cfc50d889b..0cd5a35005 100644
--- a/src/journal/journald-syslog.c
+++ b/src/journal/journald-syslog.c
@@ -326,7 +326,7 @@ void server_process_syslog_message(
size_t label_len) {
char syslog_priority[sizeof("PRIORITY=") + DECIMAL_STR_MAX(int)],
- syslog_facility[sizeof("SYSLOG_FACILITY") + DECIMAL_STR_MAX(int)];
+ syslog_facility[sizeof("SYSLOG_FACILITY=") + DECIMAL_STR_MAX(int)];
const char *message = NULL, *syslog_identifier = NULL, *syslog_pid = NULL;
struct iovec iovec[N_IOVEC_META_FIELDS + 6];
unsigned n = 0;
@@ -357,11 +357,11 @@ void server_process_syslog_message(
IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=syslog");
- sprintf(syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK);
+ snprintf(syslog_priority, sizeof(syslog_priority), "PRIORITY=%i", priority & LOG_PRIMASK);
IOVEC_SET_STRING(iovec[n++], syslog_priority);
if (priority & LOG_FACMASK) {
- sprintf(syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority));
+ snprintf(syslog_facility, sizeof(syslog_facility), "SYSLOG_FACILITY=%i", LOG_FAC(priority));
IOVEC_SET_STRING(iovec[n++], syslog_facility);
}