GitLab

Hi Team,

https://github.com/torproject/tor/blob/master/src/lib/err/backtrace.c#L267-L268

i.e

strncat(version, " ", sizeof(version)-1); strncat(version, tor_version, sizeof(version)-1);

Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) such as (CWE-120).

Consider strcat_s, strlcat, snprintf, or automatically resizing strings. I feel the risk is high because the length parameter appears to be a constant, instead of computing the number of characters left.

Request team to please have a look and validate.

Regards Dhiraj

Trac:
Username: Dhiraj