Date: Wed, 19 Jan 2011 17:17:37 +0000 (UTC) From: David Malone <dwmalone@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r217589 - head/usr.sbin/syslogd Message-ID: <201101191717.p0JHHbOh083434@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dwmalone Date: Wed Jan 19 17:17:37 2011 New Revision: 217589 URL: http://svn.freebsd.org/changeset/base/217589 Log: Here v->iov_len has been assigned the return value from snprintf. Checking if it is > 0 doesn't make sense, because snprintf returns how much space is needed if the buffer is too small. Instead, check if the return value was greater than the buffer size, and truncate the message if it was too long. It isn't clear if snprintf can return a negative value in the case of an error - I don't believe it can. If it can, then testing v->iov_len won't help 'cos it is a size_t, not an ssize_t. Also, as clang points out, we must always increment v here, because later code depends on the message being in iov[5]. Modified: head/usr.sbin/syslogd/syslogd.c Modified: head/usr.sbin/syslogd/syslogd.c ============================================================================== --- head/usr.sbin/syslogd/syslogd.c Wed Jan 19 17:11:52 2011 (r217588) +++ head/usr.sbin/syslogd/syslogd.c Wed Jan 19 17:17:37 2011 (r217589) @@ -1093,8 +1093,9 @@ fprintlog(struct filed *f, int flags, co v->iov_len = snprintf(greetings, sizeof greetings, "\r\n\7Message from syslogd@%s at %.24s ...\r\n", f->f_prevhost, f->f_lasttime); - if (v->iov_len > 0) - v++; + if (v->iov_len >= sizeof greetings) + v->iov_len = sizeof greetings - 1; + v++; v->iov_base = nul; v->iov_len = 0; v++;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201101191717.p0JHHbOh083434>