From owner-svn-src-head@FreeBSD.ORG Wed Jan 19 17:17:37 2011 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9067F1065674; Wed, 19 Jan 2011 17:17:37 +0000 (UTC) (envelope-from dwmalone@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 7FB9B8FC08; Wed, 19 Jan 2011 17:17:37 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id p0JHHbOl083436; Wed, 19 Jan 2011 17:17:37 GMT (envelope-from dwmalone@svn.freebsd.org) Received: (from dwmalone@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id p0JHHbOh083434; Wed, 19 Jan 2011 17:17:37 GMT (envelope-from dwmalone@svn.freebsd.org) Message-Id: <201101191717.p0JHHbOh083434@svn.freebsd.org> From: David Malone Date: Wed, 19 Jan 2011 17:17:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r217589 - head/usr.sbin/syslogd X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jan 2011 17:17:37 -0000 Author: dwmalone Date: Wed Jan 19 17:17:37 2011 New Revision: 217589 URL: http://svn.freebsd.org/changeset/base/217589 Log: Here v->iov_len has been assigned the return value from snprintf. Checking if it is > 0 doesn't make sense, because snprintf returns how much space is needed if the buffer is too small. Instead, check if the return value was greater than the buffer size, and truncate the message if it was too long. It isn't clear if snprintf can return a negative value in the case of an error - I don't believe it can. If it can, then testing v->iov_len won't help 'cos it is a size_t, not an ssize_t. Also, as clang points out, we must always increment v here, because later code depends on the message being in iov[5]. Modified: head/usr.sbin/syslogd/syslogd.c Modified: head/usr.sbin/syslogd/syslogd.c ============================================================================== --- head/usr.sbin/syslogd/syslogd.c Wed Jan 19 17:11:52 2011 (r217588) +++ head/usr.sbin/syslogd/syslogd.c Wed Jan 19 17:17:37 2011 (r217589) @@ -1093,8 +1093,9 @@ fprintlog(struct filed *f, int flags, co v->iov_len = snprintf(greetings, sizeof greetings, "\r\n\7Message from syslogd@%s at %.24s ...\r\n", f->f_prevhost, f->f_lasttime); - if (v->iov_len > 0) - v++; + if (v->iov_len >= sizeof greetings) + v->iov_len = sizeof greetings - 1; + v++; v->iov_base = nul; v->iov_len = 0; v++;