From 0ab8b7c0f22bd45d7108ce0185e027cd8e469593 Mon Sep 17 00:00:00 2001
From: Robert Ransom
Date: Fri, 4 Feb 2011 05:50:44 -0800
Subject: [PATCH] Thou shalt not overflow even stupidly small buffers
---
 src/common/log.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/common/log.c b/src/common/log.c
index f58b05b1bf..4b21fd9166 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -223,21 +223,31 @@ format_msg(char *buf, size_t buf_len,
 size_t n;
 int r;
 char *end_of_prefix;
+ char *buf_end;
 assert(buf_len >= 16); /* prevent integer underflow and general stupidity */
 buf_len -= 2; /* subtract 2 characters so we have room for \n\0 */
+ buf_end = buf+buf_len; /* point *after* the last char we can write to */
 n = _log_prefix(buf, buf_len, severity);
 end_of_prefix = buf+n;
 if (log_domains_are_logged) {
 char *cp = buf+n;
+ if (cp == buf_end) goto format_msg_no_room_for_domains;
 *cp++ = '{';
+ if (cp == buf_end) goto format_msg_no_room_for_domains;
 cp = domain_to_string(domain, cp, (buf+buf_len-cp));
+ if (cp == buf_end) goto format_msg_no_room_for_domains;
 *cp++ = '}';
+ if (cp == buf_end) goto format_msg_no_room_for_domains;
 *cp++ = ' ';
+ if (cp == buf_end) goto format_msg_no_room_for_domains;
 end_of_prefix = cp;
 n = cp-buf;
+ format_msg_no_room_for_domains:
+ /* This will leave end_of_prefix and n unchanged, and thus cause
+ * whatever log domain string we had written to be clobbered. */
 }
 if (funcname && should_log_function_name(domain, severity)) {
-- 
2.11.4.GIT
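Review bot: The five added guards test `if (cp == buf_end)`, so they stop the writes only when `cp` lands exactly on the boundary; if `_log_prefix` or `domain_to_string` can ever return a position past `buf_end` (their contracts are not visible in this hunk), every later check is skipped and the stores of `'{'`, `'}'` and `' '` run out of bounds. Writing the guard as `if (cp >= buf_end) goto format_msg_no_room_for_domains;` costs nothing and fails closed. Separately, the label `format_msg_no_room_for_domains:` is followed only by a comment and the closing brace, which C before C23 rejects as a label at the end of a compound statement; a null statement `;` after the comment fixes that. The existing `assert(buf_len >= 16)` is compiled out under `NDEBUG`, which would leave `buf_len -= 2` and the new `buf_end` computation unguarded in such builds. format_msg's body starts and ends outside the hunk.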