Matt McCutchen's Web Site
/
rsync
/
rsync.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
dcbae65
)
Make sure that we can't scan past the end of the format string.
author
Wayne Davison
<wayned@samba.org>
Wed, 30 Mar 2005 23:39:00 +0000
(23:39 +0000)
committer
Wayne Davison
<wayned@samba.org>
Wed, 30 Mar 2005 23:39:00 +0000
(23:39 +0000)
log.c
patch
|
blob
|
blame
|
history
diff --git
a/log.c
b/log.c
index
c6d2fc8
..
87cd1d7
100644
(file)
--- a/
log.c
+++ b/
log.c
@@
-371,6
+371,8
@@
static void log_formatted(enum logcode code, char *format, char *op,
*n++ = *p++;
while (isdigit(*(uchar*)p) && n - fmt < (int)(sizeof fmt) - 8)
*n++ = *p++;
*n++ = *p++;
while (isdigit(*(uchar*)p) && n - fmt < (int)(sizeof fmt) - 8)
*n++ = *p++;
+ if (!*p)
+ break;
*n = '\0';
n = NULL;
*n = '\0';
n = NULL;
@@
-497,9
+499,6
@@
static void log_formatted(enum logcode code, char *format, char *op,
break;
}
break;
}
- /* Subtract the length of the escape from the string's size. */
- total -= p - s;
-
/* "n" is the string to be inserted in place of this % code. */
if (!n)
continue;
/* "n" is the string to be inserted in place of this % code. */
if (!n)
continue;
@@
-510,6
+509,9
@@
static void log_formatted(enum logcode code, char *format, char *op,
}
len = strlen(n);
}
len = strlen(n);
+ /* Subtract the length of the escape from the string's size. */
+ total -= p - s;
+
if (len + total >= sizeof buf) {
rprintf(FERROR,
"buffer overflow expanding %%%c -- exiting\n",
if (len + total >= sizeof buf) {
rprintf(FERROR,
"buffer overflow expanding %%%c -- exiting\n",