In current code, we create line buffer with size 256, which can contains
255 ASCII characters. But in modern system, terminal can have larger
width. It may cause buffer overflow in snprintf() text.
limits.h provides constant LINE_MAX.
{LINE_MAX}
Unless otherwise noted, the maximum length, in bytes, of a
utility's input line (either standard input or another
file), when the utility is described as processing text
files. The length includes room for the trailing <newline>.
Minimum Acceptable Value: {_POSIX2_LINE_MAX}
Signed-off-by: Celeste Liu <CoelacanthusHex@xxxxxxxxx>
---
Changes in v3:
- Use constant LINE_MAX in limits.h instead dynamic heap allocation.
- Link to v2: https://lore.kernel.org/r/20240915-fix-log-buffer-overflow-v2-1-fb6b52a7d4b2@xxxxxxxxx
Changes in v2:
- Add free() forgot in v1.
- Link to v1: https://patch.msgid.link/20240914-fix-log-buffer-overflow-v1-1-733cb4fff673@xxxxxxxxx
---
monitor/packet.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/monitor/packet.c b/monitor/packet.c
index c2599fe6864ab44d657c121fcc3ceecc1ebc52a6..32a440bbea6888ab6321e973dbb23d9728864557 100644
--- a/monitor/packet.c
+++ b/monitor/packet.c
@@ -26,6 +26,7 @@
#include <time.h>
#include <sys/time.h>
#include <sys/socket.h>
+#include <limits.h>
#include "lib/bluetooth.h"
#include "lib/uuid.h"
@@ -376,7 +377,7 @@ static void print_packet(struct timeval *tv, struct ucred *cred, char ident,
const char *text, const char *extra)
{
int col = num_columns();
- char line[256], ts_str[96], pid_str[140];
+ char line[LINE_MAX], ts_str[96], pid_str[140];
int n, ts_len = 0, ts_pos = 0, len = 0, pos = 0;
static size_t last_frame;
---
base-commit: 41f943630d9a03c40e95057b2ac3d96470b9c71e
change-id: 20240914-fix-log-buffer-overflow-9aa5e61ee5b8
Best regards,
--
Celeste Liu <CoelacanthusHex@xxxxxxxxx>
