Skip to content
Snippets Groups Projects
Commit d0525c38 authored by rl1987's avatar rl1987 Committed by Nick Mathewson
Browse files

Refrain from potentially insecure usage of strncat()

parent a9628c0c
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
changes/bug26522 0 → 100644
+ 6
0
View file @ d0525c38
o Minor bugfixes (security):
- Refrain from potentially insecure usage of strncat() in
configure_backtrace_handler(). Use snprintf() instead.
Fixes bug 26522; bugfix on
a969ce464dc23db39725a891d60537f3d3e51b50 (not in any tor
release).
src/lib/err/backtrace.c
+ 3
6
View file @ d0525c38
......@@ -35,6 +35,7 @@
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#ifdef HAVE_CYGWIN_SIGNAL_H
#include <cygwin/signal.h>
......@@ -264,16 +265,12 @@ dump_stack_symbols_to_error_fds(void)
int
configure_backtrace_handler(const char *tor_version)
{
char version[128];
strncpy(version, "Tor", sizeof(version)-1);
char version[128] = "Tor\0";
if (tor_version) {
strncat(version, " ", sizeof(version)-1);
strncat(version, tor_version, sizeof(version)-1);
snprintf(version, sizeof(version), "Tor %s", tor_version);
}
version[sizeof(version) - 1] = 0;
return install_bt_handler(version);
}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment