mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2025-02-25 07:07:52 +01:00
Code Issues Projects Releases Wiki Activity

Refrain from potentially insecure usage of strncat()

Browse source
This commit is contained in:
rl1987 2018-07-03 13:36:15 +03:00 committed by Nick Mathewson
parent a9628c0c0b
commit d0525c38d6
2 changed files with 9 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
changes/bug26522 Normal file
View file

@ -0,0 +1,6 @@
o Minor bugfixes (security):
- Refrain from potentially insecure usage of strncat() in
configure_backtrace_handler(). Use snprintf() instead.
Fixes bug 26522; bugfix on
a969ce464dc23db39725a891d60537f3d3e51b50 (not in any tor
release).

9
src/lib/err/backtrace.c
View file

@ -35,6 +35,7 @@
#include <errno.h> #include <errno.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <stdio.h>
#ifdef HAVE_CYGWIN_SIGNAL_H #ifdef HAVE_CYGWIN_SIGNAL_H
#include <cygwin/signal.h> #include <cygwin/signal.h>
@ -264,16 +265,12 @@ dump_stack_symbols_to_error_fds(void)
int int
configure_backtrace_handler(const char *tor_version) configure_backtrace_handler(const char *tor_version)
{ {
char version[128]; char version[128] = "Tor\0";
strncpy(version, "Tor", sizeof(version)-1);
if (tor_version) { if (tor_version) {
strncat(version, " ", sizeof(version)-1); snprintf(version, sizeof(version), "Tor %s", tor_version);
strncat(version, tor_version, sizeof(version)-1);
} }
version[sizeof(version) - 1] = 0;
return install_bt_handler(version); return install_bt_handler(version);
} }