commit d0525c38d607504aee4ab8451d4651c2668997c0 Author: rl1987 rl1987@sdf.lonestar.org Date: Tue Jul 3 13:36:15 2018 +0300
Refrain from potentially insecure usage of strncat() --- changes/bug26522 | 6 ++++++ src/lib/err/backtrace.c | 9 +++------ 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/changes/bug26522 b/changes/bug26522
new file mode 100644
index 000000000..c6b30eed7
--- /dev/null
+++ b/changes/bug26522
@@ -0,0 +1,6 @@
+ o Minor bugfixes (security):
+ - Refrain from potentially insecure usage of strncat() in
+ configure_backtrace_handler(). Use snprintf() instead.
+ Fixes bug 26522; bugfix on
+ a969ce464dc23db39725a891d60537f3d3e51b50 (not in any tor
+ release).
diff --git a/src/lib/err/backtrace.c b/src/lib/err/backtrace.c
index 5f5ecd3c3..d18a595c3 100644
--- a/src/lib/err/backtrace.c
+++ b/src/lib/err/backtrace.c
@@ -35,6 +35,7 @@
 #include <errno.h>
 #include <stdlib.h>
 #include <string.h>
+#include <stdio.h>
#ifdef HAVE_CYGWIN_SIGNAL_H #include <cygwin/signal.h> @@ -264,16 +265,12 @@ dump_stack_symbols_to_error_fds(void) int configure_backtrace_handler(const char *tor_version) { - char version[128]; - strncpy(version, "Tor", sizeof(version)-1); + char version[128] = "Tor\0";
if (tor_version) { - strncat(version, " ", sizeof(version)-1); - strncat(version, tor_version, sizeof(version)-1); + snprintf(version, sizeof(version), "Tor %s", tor_version); }
- version[sizeof(version) - 1] = 0; - return install_bt_handler(version); }
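Review bot: The new initializer `char version[128] = "Tor\0";` in configure_backtrace_handler() carries a redundant explicit terminator. A string literal already ends in NUL and the rest of the array is zero-initialized, so `char version[128] = "Tor";` is equivalent and does not suggest that termination is being handled by hand. The snprintf() call bounds the write to sizeof(version) and always terminates, but its return value is discarded, so a tor_version that does not fit is truncated silently. If the full string matters to install_bt_handler(), compare the result with sizeof(version), or add a comment such as `/* truncation of an over-long version string is acceptable here */` to make the choice explicit.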