The MAX_LOG_SIZE is 512. It is possible that a log message could exceed the max size (such as for neverallowx rules). If so, then write out "<LOG MESSAGE TRUNCATED>", so that it is obvious that the log message has been truncated.
Reported-by: Jonathan Hettwer <j2468h@xxxxxxxxxxxxxx>
Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
---
 libsepol/cil/src/cil_log.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/libsepol/cil/src/cil_log.c b/libsepol/cil/src/cil_log.c
index a296929b..e78c0aeb 100644
--- a/libsepol/cil/src/cil_log.c
+++ b/libsepol/cil/src/cil_log.c
@@ -53,8 +53,13 @@ __attribute__ ((format (printf, 2, 0))) void cil_vlog(enum cil_log_level lvl, co
 {
 if (cil_log_level >= lvl) {
 char buff[MAX_LOG_SIZE];
- vsnprintf(buff, MAX_LOG_SIZE, msg, args);
- (*cil_log_handler)(cil_log_level, buff);
+ int n = vsnprintf(buff, MAX_LOG_SIZE, msg, args);
+ if (n > 0) {
+ (*cil_log_handler)(cil_log_level, buff);
+ if (n >= MAX_LOG_SIZE) {
+ (*cil_log_handler)(cil_log_level, " <LOG MESSAGE TRUNCATED>");
+ }
+ }
 }
 }
--
2.34.1
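Review bot: The truncation marker goes out as a second, separate call to `cil_log_handler`, so a handler that treats each call as one record receives a detached fragment; and because the cut-off text has lost whatever newline the format string ended with and the marker adds none, the next message will probably continue on the same line. Writing the marker into the tail of `buff` keeps everything in one call: `static const char t[] = " <LOG MESSAGE TRUNCATED>\n";` followed by `memcpy(buff + MAX_LOG_SIZE - sizeof(t), t, sizeof(t));` before the single handler call (this needs `<string.h>`, and the hunk does not show the file's includes). The `n > 0` guard also silently drops a negative return from `vsnprintf`; a short comment such as `/* n < 0: formatting failed, buff contents are indeterminate, nothing to log */` would record that this is deliberate. Only the body of `cil_vlog` is inside the hunk; its signature appears only in the truncated `@@` header.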