Hi,
I could not convince myself that the strings passed to printline()
and parsepriority() are always NUL terminated. Better safe than
sorry and force a '\0' there.
ok?
bluhm
Index: usr.sbin/syslogd/syslogd.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.266
diff -u -p -r1.266 syslogd.c
--- usr.sbin/syslogd/syslogd.c 14 Jul 2021 13:33:57 -0000 1.266
+++ usr.sbin/syslogd/syslogd.c 3 Sep 2021 14:34:36 -0000
@@ -1309,6 +1309,7 @@ tcp_readcb(struct bufferevent *bufev, vo
/* Maximum frame has 5 digits, 1 space, MAXLINE chars, 1 new line. */
if (EVBUFFER_LENGTH(bufev->input) >= 5 + 1 + LOG_MAXLINE + 1) {
log_debug(", use %zu bytes", EVBUFFER_LENGTH(bufev->input));
+ EVBUFFER_DATA(bufev->input)[5 + 1 + LOG_MAXLINE] = '\0';
printline(p->p_hostname, EVBUFFER_DATA(bufev->input));
evbuffer_drain(bufev->input, -1);
} else if (EVBUFFER_LENGTH(bufev->input) > 0)
@@ -1571,7 +1572,8 @@ parsepriority(const char *msg, int *pri)
if (*msg++ == '<') {
nlen = strspn(msg, "1234567890");
if (nlen > 0 && nlen < sizeof(buf) && msg[nlen] == '>') {
- strlcpy(buf, msg, nlen + 1);
+ memcpy(buf, msg, nlen);
+ buf[nlen] = '\0';
maybepri = strtonum(buf, 0, INT_MAX, &errstr);
if (errstr == NULL) {
*pri = maybepri;
