From b819643635b54d3c1f64023e7bbf8b510953cd94 Mon Sep 17 00:00:00 2001
From: Anoop Saldanha
Date: Sat, 28 May 2011 11:44:06 +0530
Subject: [PATCH] coverity - logging system buffer overrun fix
---
 src/util-debug.c | 42 +++++++++++++++++++++++++-----------------
 src/util-debug.h | 11 ++++++-----
 2 files changed, 31 insertions(+), 22 deletions(-)
diff --git a/src/util-debug.c b/src/util-debug.c
index 837f8765c9..6d359ae8cd 100644
--- a/src/util-debug.c
+++ b/src/util-debug.c
@@ -277,44 +277,35 @@ SCError SCLogMessage(SCLogLevel log_level, char **msg, const char *file,
 /* no of characters_written(cw) by snprintf */
 int cw = 0;
- char *temp_fmt = strdup(sc_log_config->log_format);
- char *temp_fmt_h = temp_fmt;
- char *substr = temp_fmt;
-
- if (temp_fmt == NULL) {
- goto error;
- }
-
 if (sc_log_module_initialized != 1) {
 #ifdef DEBUG
 printf("Logging module not initialized. Call SCLogInitLogModule(), "
 "before using the logging API\n");
 #endif
- if (temp_fmt != NULL)
- free(temp_fmt);
 return SC_ERR_LOG_MODULE_NOT_INIT;
 }
 if (sc_log_fg_filters_present == 1) {
 if (SCLogMatchFGFilterWL(file, function, line) != 1) {
- if (temp_fmt != NULL)
- free(temp_fmt);
 return SC_ERR_LOG_FG_FILTER_MATCH;
 }
 if (SCLogMatchFGFilterBL(file, function, line) != 1) {
- if (temp_fmt != NULL)
- free(temp_fmt);
 return SC_ERR_LOG_FG_FILTER_MATCH;
 }
 }
 if (sc_log_fd_filters_present == 1 && SCLogMatchFDFilter(function) != 1) {
- if (temp_fmt != NULL)
- free(temp_fmt);
 return SC_ERR_LOG_FG_FILTER_MATCH;
 }
+ char *temp_fmt = SCStrdup(sc_log_config->log_format);
+ if (temp_fmt == NULL) {
+ return SC_ERR_MEM_ALLOC;
+ }
+ char *temp_fmt_h = temp_fmt;
+ char *substr = temp_fmt;
+
 while ( (temp_fmt = index(temp_fmt, SC_LOG_FMT_PREFIX)) ) {
 if ((temp - *msg) > SC_LOG_MAX_LOG_MSG_LEN) {
 printf("Warning: Log message exceeded message length limit of %d\n",
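Review bot: The relocated `SCStrdup(sc_log_config->log_format)` still reads `sc_log_config` and hands `log_format` on without a NULL check. It now runs after the `sc_log_module_initialized` test, which presumably guarantees both, but nothing visible in this hunk establishes that. A short comment above the allocation would record why it sits here, for example `/* copy the format only after the init and filter checks: the early returns above own no memory */`. The `while` loop that walks the copy continues past the end of this hunk.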
@@ -438,11 +429,28 @@ SCError SCLogMessage(SCLogLevel log_level, char **msg, const char *file,
 }
 temp_fmt++;
 }
+ if ((temp - *msg) > SC_LOG_MAX_LOG_MSG_LEN) {
+ printf("Warning: Log message exceeded message length limit of %d\n",
+ SC_LOG_MAX_LOG_MSG_LEN);
+ *msg = *msg + SC_LOG_MAX_LOG_MSG_LEN;
+ if (temp_fmt_h != NULL)
+ free(temp_fmt_h);
+ return SC_OK;
+ }
 cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - *msg), "%s", substr);
 if (cw < 0)
 goto error;
+ temp += cw;
+ if ((temp - *msg) > SC_LOG_MAX_LOG_MSG_LEN) {
+ printf("Warning: Log message exceeded message length limit of %d\n",
+ SC_LOG_MAX_LOG_MSG_LEN);
+ *msg = *msg + SC_LOG_MAX_LOG_MSG_LEN;
+ if (temp_fmt_h != NULL)
+ free(temp_fmt_h);
+ return SC_OK;
+ }
- *msg = temp + cw;
+ *msg = temp;
 free(temp_fmt_h);
diff --git a/src/util-debug.h b/src/util-debug.h
index e41886ecc1..29c6c70600 100644
--- a/src/util-debug.h
+++ b/src/util-debug.h
@@ -230,11 +230,12 @@ extern int sc_log_module_cleaned;
 SC_LOG_MAX_LOG_MSG_LEN); \
 _sc_log_err_temp = _sc_log_err_msg + \
 SC_LOG_MAX_LOG_MSG_LEN; \
- } \
- snprintf(_sc_log_err_temp, \
- (SC_LOG_MAX_LOG_MSG_LEN - \
- (_sc_log_err_temp - _sc_log_err_msg)), \
- __VA_ARGS__); \
+ } else { \
+ snprintf(_sc_log_err_temp, \
+ (SC_LOG_MAX_LOG_MSG_LEN - \
+ (_sc_log_err_temp - _sc_log_err_msg)), \
+ __VA_ARGS__); \
+ } \
 SCLogOutputBuffer(x, _sc_log_err_msg); \
 } \
 } while(0)
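Review bot: In SCLogMessage, `temp += cw` after the final snprintf advances by the length the output would have had, so on truncation `temp` is moved past the end of the message buffer before the added check runs; forming that pointer is already undefined behaviour. The `>` comparison also misses the case where `cw` equals the remaining space, in which one character was dropped yet no warning is printed. Comparing `cw` with the remaining space before advancing covers both, assuming the buffer holds SC_LOG_MAX_LOG_MSG_LEN bytes as the size argument implies. The copy now comes from `SCStrdup` in the first hunk but is still released with plain `free()` behind a redundant NULL guard, and the project's matching release wrapper would be more consistent. The `error` label reached by `goto error` lies outside this hunk, so whether it releases `temp_fmt_h` cannot be checked here.

```c
    /* … unchanged: length check before the final snprintf … */
    size_t room = SC_LOG_MAX_LOG_MSG_LEN - (temp - *msg);
    cw = snprintf(temp, room, "%s", substr);
    if (cw < 0)
        goto error;
    if ((size_t)cw >= room) {
        /* output was cut: report it without moving temp past the buffer */
        printf("Warning: Log message exceeded message length limit of %d\n",
               SC_LOG_MAX_LOG_MSG_LEN);
        *msg = *msg + SC_LOG_MAX_LOG_MSG_LEN;
        free(temp_fmt_h);
        return SC_OK;
    }
    temp += cw;
    *msg = temp;
```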
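Review bot: In the util-debug.h macro, moving the `snprintf` into the `else` leaves `_sc_log_err_temp = _sc_log_err_msg + SC_LOG_MAX_LOG_MSG_LEN;` in the overflow branch as a dead store, since nothing visible after it reads `_sc_log_err_temp` before `SCLogOutputBuffer(x, _sc_log_err_msg)`. It can be dropped, or replaced by a comment such as `/* prefix already filled the buffer: emit it without the caller's text */` so the loss of the caller's message is documented. The macro starts above the hunk, so the condition guarding this branch is not visible. If other logging macros in this header repeat the same snprintf pattern, they would need the same `else`.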