From 98d1f19ba2ca3540e48582cf1ca56ced5193bc7b Mon Sep 17 00:00:00 2001 From: David Malone Date: Wed, 19 Jan 2011 17:17:37 +0000 Subject: [PATCH] Here v->iov_len has been assigned the return value from snprintf. Checking if it is > 0 doesn't make sense, because snprintf returns how much space is needed if the buffer is too small. Instead, check if the return value was greater than the buffer size, and truncate the message if it was too long. It isn't clear if snprintf can return a negative value in the case of an error - I don't believe it can. If it can, then testing v->iov_len won't help 'cos it is a size_t, not an ssize_t. Also, as clang points out, we must always increment v here, because later code depends on the message being in iov[5]. --- usr.sbin/syslogd/syslogd.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c index e97f8dc7721..045da5b8159 100644 --- a/usr.sbin/syslogd/syslogd.c +++ b/usr.sbin/syslogd/syslogd.c @@ -1093,8 +1093,9 @@ fprintlog(struct filed *f, int flags, const char *msg) v->iov_len = snprintf(greetings, sizeof greetings, "\r\n\7Message from syslogd@%s at %.24s ...\r\n", f->f_prevhost, f->f_lasttime); - if (v->iov_len > 0) - v++; + if (v->iov_len >= sizeof greetings) + v->iov_len = sizeof greetings - 1; + v++; v->iov_base = nul; v->iov_len = 0; v++;
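Review bot: the snprintf result is still stored straight into v->iov_len in the fprintlog hunk, so an error return is only handled by accident. snprintf returns an int, and if it ever returned a negative value the conversion to size_t would turn it into a very large length; the new `v->iov_len >= sizeof greetings` test would then clamp it to `sizeof greetings - 1` and the later write would send that many bytes of greetings whether or not snprintf filled them. Consider capturing the return value in a local int, treating a negative value as length 0, and only then applying the clamp before assigning to v->iov_len. It is also worth a comment on the unconditional `v++` that later code expects the message in iov[5], since that constraint is only recorded in the commit message. Finally, note that when the greeting is truncated the trailing "\r\n" from the format string is lost, so the message text that follows will run on from the cut-off greeting line.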