From 6494708f2f40330264f7544a9e736dec4c9ab6e1 Mon Sep 17 00:00:00 2001 From: CHEN Gang Date: Fri, 6 Jul 2018 11:09:46 +0800 Subject: [PATCH] tools: acrn-crashlog: fix potential buffer overflow issues This patch is to fix the potential buffer overflow issues. Signed-off-by: CHEN Gang Reviewed-by: Zhi Jin Reviewed-by: xiaojin2 --- tools/acrn-crashlog/common/log_sys.c | 6 +++++- tools/acrn-crashlog/usercrash/protocol.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/tools/acrn-crashlog/common/log_sys.c b/tools/acrn-crashlog/common/log_sys.c index 325172c24..446a36459 100644 --- a/tools/acrn-crashlog/common/log_sys.c +++ b/tools/acrn-crashlog/common/log_sys.c @@ -17,7 +17,9 @@ void do_log(const int level, va_list args; char *fmt; char log[MAX_LOG_LEN]; + char *msg_log; int n = 0; + int msg_len = 0; #ifdef DEBUG_ACRN_CRASHLOG const char header_fmt[] = "<%-20s%5d>: "; #endif @@ -40,8 +42,10 @@ void do_log(const int level, if (n < 0 || (size_t)n >= sizeof(log)) n = 0; #endif + msg_log = log + n; + msg_len = sizeof(log) - n; /* msg */ - vsnprintf(log + n, sizeof(log) - n, fmt, args); + vsnprintf(msg_log, msg_len, fmt, args); log[sizeof(log) - 1] = 0; va_end(args); diff --git a/tools/acrn-crashlog/usercrash/protocol.c b/tools/acrn-crashlog/usercrash/protocol.c index 8aceeeac8..58110fe07 100644 --- a/tools/acrn-crashlog/usercrash/protocol.c +++ b/tools/acrn-crashlog/usercrash/protocol.c @@ -44,7 +44,7 @@ static int socket_make_sockaddr_un(const char *name, name_len = strlen(name); if (name_len >= (SUN_PATH_MAX - socket_len)) return -1; - strcat(p_addr->sun_path, name); + strncat(p_addr->sun_path, name, SUN_PATH_MAX - socket_len); p_addr->sun_family = AF_LOCAL; *alen = name_len + socket_len + @@ -111,7 +111,7 @@ static int socket_bind(int fd, const char *name) name_len = strlen(name); if (name_len >= SUN_PATH_MAX) return -1; - strcpy(addr.sun_path, name); + strncpy(addr.sun_path, name, SUN_PATH_MAX); unlink(addr.sun_path); alen = strlen(addr.sun_path) + sizeof(addr.sun_family);