[PATCH 2/3] Prevent buffer overflow in dump_log_entry
Petr Tesarik
ptesarik at suse.cz
Wed Mar 12 11:59:27 EDT 2014
One message may be longer than BUFSIZE. In that case, the output
buffer overflows, causing stack corruption. Solve it by flushing
the buffer when it gets full.
Signed-off-by: Petr Tesarik <ptesarik at suse.cz>
---
makedumpfile.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/makedumpfile.c b/makedumpfile.c
index fc4ce19..261e1ad 100644
--- a/makedumpfile.c
+++ b/makedumpfile.c
@@ -3885,6 +3885,12 @@ dump_log_entry(char *logptr, int fp)
bufp += sprintf(buf, "[%5lld.%06ld] ", nanos, rem/1000);
for (i = 0, p = msg; i < text_len; i++, p++) {
+ if (bufp - buf >= sizeof(buf) - 6) {
+ if (write(info->fd_dumpfile, buf, bufp - buf) < 0)
+ return FALSE;
+ bufp = buf;
+ }
+
if (isprint(*p) || isspace(*p))
bufp =+ sprintf(bufp, "%c", *p);
else
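Review bot: The threshold in `if (bufp - buf >= sizeof(buf) - 6)` is a bare constant with no stated link to the largest number of bytes one loop iteration can append, so the check silently becomes wrong if the formatting in either branch changes. Please add a comment or a named constant saying which worst-case write the 6 covers, including the terminating NUL that sprintf stores. The flush also treats any non-negative return from `write()` as success, so a short write drops the unwritten tail of `buf` once `bufp` is reset. Compare the return value against `bufp - buf`, or loop until everything is written. Separately, the context line `bufp =+ sprintf(bufp, "%c", *p);` assigns to `bufp` instead of advancing it, and the new bound check depends on `bufp` tracking the fill level, so that line wants `+=`.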
--
1.8.4.5