From 2d1f798d14bc27153d9de2eb57c69c90420fb54f Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Fri, 26 Sep 2008 00:17:01 +0000 Subject: fix potential buffer overflow in test-server logging function --- tests/server/util.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'tests/server') diff --git a/tests/server/util.c b/tests/server/util.c index af9059721..8c4398183 100644 --- a/tests/server/util.c +++ b/tests/server/util.c @@ -62,7 +62,7 @@ const struct in6_addr in6addr_any = {{ IN6ADDR_ANY_INIT }}; void logmsg(const char *msg, ...) { va_list ap; - char buffer[512]; /* possible overflow if you pass in a huge string */ + char buffer[2048 + 1]; FILE *logfp; int error; struct timeval tv; @@ -80,10 +80,10 @@ void logmsg(const char *msg, ...) now = localtime(&sec); /* not multithread safe but we don't care */ snprintf(timebuf, sizeof(timebuf), "%02d:%02d:%02d.%06ld", - now->tm_hour, now->tm_min, now->tm_sec, tv.tv_usec); + (int)now->tm_hour, (int)now->tm_min, (int)now->tm_sec, (long)tv.tv_usec); va_start(ap, msg); - vsprintf(buffer, msg, ap); + vsnprintf(buffer, sizeof(buffer), msg, ap); va_end(ap); logfp = fopen(serverlogfile, "a"); -- cgit v1.2.3