aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

log/tlsstore: improve path handling

Browse Source 
Use PathMerge.

Address format truncation warnings.

log-tlsstore.c: In function 'CreateFileName':
log-tlsstore.c:68:9: warning: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size between 0 and 4095 [-Wformat-truncation=]
   68 |     if (snprintf(path, sizeof(path), "%s/%s%ld.%ld-%d.pem", tls_logfile_base_dir, dir,
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   69 |                 (long int)SCTIME_SECS(p->ts), (long int)SCTIME_USECS(p->ts),
      |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   70 |                 file_id) == sizeof(path))
      |                 ~~~~~~~~
log-tlsstore.c:68:9: note: assuming directive output of 1 byte
log-tlsstore.c:68:9: note: directive argument in the range [0, 17592186044415]
log-tlsstore.c:68:9: note: directive argument in the range [0, 1048575]
log-tlsstore.c:68:9: note: using the range [-2147483648, 2147483647] for directive argument
log-tlsstore.c:68:9: note: 'snprintf' output 11 or more bytes (assuming 4126) into a destination of size 4096

Ticket: #7905.
pull/13926/head
Victor Julien 2 months ago committed by Victor Julien
parent 98730c2c43
commit 840d372320
1 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File

20
src/log-tlsstore.c
Unescape Escape View File

@ -57,20 +57,19 @@ typedef struct LogTlsStoreLogThread_ {
static int CreateFileName(
const Packet *p, SSLState *state, char *filename, size_t filename_size, const bool client)
{
char path[PATH_MAX];
char file[PATH_MAX];
int file_id = SC_ATOMIC_ADD(cert_id, 1);
const char *dir = client ? "client-" : "";
const char *direction = client ? "client-" : "";
/* Use format : packet time + incremental ID
* When running on same pcap it will overwrite
* On a live device, we will not be able to overwrite */
if (snprintf(path, sizeof(path), "%s/%s%ld.%ld-%d.pem", tls_logfile_base_dir, dir,
(long int)SCTIME_SECS(p->ts), (long int)SCTIME_USECS(p->ts),
file_id) == sizeof(path))
if (snprintf(file, sizeof(file), "%s%ld.%ld-%d.pem", direction, (long int)SCTIME_SECS(p->ts),
(long int)SCTIME_USECS(p->ts), file_id) == sizeof(file))
return 0;
strlcpy(filename, path, filename_size);
if (PathMerge(filename, filename_size, tls_logfile_base_dir, file) < 0)
return 0;
return 1;
}
@ -419,8 +418,11 @@ static OutputInitResult LogTlsStoreLogInitCtx(SCConfNode *conf)
strlcpy(tls_logfile_base_dir,
s_base_dir, sizeof(tls_logfile_base_dir));
} else {
snprintf(tls_logfile_base_dir, sizeof(tls_logfile_base_dir),
"%s/%s", s_default_log_dir, s_base_dir);
if (PathMerge(tls_logfile_base_dir, sizeof(tls_logfile_base_dir), s_default_log_dir,
s_base_dir) < 0) {
LogTlsStoreLogDeInitCtx(output_ctx);
return result;
}
}
}

Write Preview
Loading…
Cancel
Save