Commit d0525c38 authored by rl1987's avatar rl1987 Committed by Nick Mathewson
Browse files

Refrain from potentially insecure usage of strncat()

parent a9628c0c
o Minor bugfixes (security):
- Refrain from potentially insecure usage of strncat() in
configure_backtrace_handler(). Use snprintf() instead.
Fixes bug 26522; bugfix on
a969ce464dc23db39725a891d60537f3d3e51b50 (not in any tor
release).
......@@ -35,6 +35,7 @@
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#ifdef HAVE_CYGWIN_SIGNAL_H
#include <cygwin/signal.h>
......@@ -264,16 +265,12 @@ dump_stack_symbols_to_error_fds(void)
int
configure_backtrace_handler(const char *tor_version)
{
char version[128];
strncpy(version, "Tor", sizeof(version)-1);
char version[128] = "Tor\0";
if (tor_version) {
strncat(version, " ", sizeof(version)-1);
strncat(version, tor_version, sizeof(version)-1);
snprintf(version, sizeof(version), "Tor %s", tor_version);
}
version[sizeof(version) - 1] = 0;
return install_bt_handler(version);
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment