On Wed, Mar 9, 2022 at 6:17 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> The MAX_LOG_SIZE is 512. It is possible that a log message could
> exceed the max size (such as for neverallowx rules). If so, then
> write out "<LOG MESSAGE TRUNCATED>", so that it is obvious that
> the log message has been truncated.
>
> Reported-by: Jonathan Hettwer <j2468h@xxxxxxxxxxxxxx>
> Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
Merged.
Jim
> ---
> libsepol/cil/src/cil_log.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/libsepol/cil/src/cil_log.c b/libsepol/cil/src/cil_log.c
> index a296929b..e78c0aeb 100644
> --- a/libsepol/cil/src/cil_log.c
> +++ b/libsepol/cil/src/cil_log.c
> @@ -53,8 +53,13 @@ __attribute__ ((format (printf, 2, 0))) void cil_vlog(enum cil_log_level lvl, co
> {
> if (cil_log_level >= lvl) {
> char buff[MAX_LOG_SIZE];
> - vsnprintf(buff, MAX_LOG_SIZE, msg, args);
> - (*cil_log_handler)(cil_log_level, buff);
> + int n = vsnprintf(buff, MAX_LOG_SIZE, msg, args);
> + if (n > 0) {
> + (*cil_log_handler)(cil_log_level, buff);
> + if (n >= MAX_LOG_SIZE) {
> + (*cil_log_handler)(cil_log_level, " <LOG MESSAGE TRUNCATED>");
> + }
> + }
> }
> }
>
> --
> 2.34.1
>
