master/coturn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix long log line printing (#974)

Browse Source 
`vsnprintf` will stop at the max buffer size as provided in its 2nd
argument

But the return value is `The number of characters that would have been
written if n had been sufficiently large` meaning it can be larger than
actual buffer size
`fwrite` will actually use the larger, incorrect number and dump
unrelated memory to log (and crash with high confidence)

Test:
- Query admin interface with super long path (>16KB) - crash
- With the fix - no crash with the same input, log line cut off

Co-authored-by: Pavel Punsky <pavel.punsky@epicgames.com>
This commit is contained in:
Pavel Punsky 2022-09-08 02:24:28 -07:00 committed by GitHub
parent 83bd4e23e7
commit e2ff7caf9d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/apps/common/ns_turn_utils.c
View File

@ -539,7 +539,6 @@ void turn_log_func_default(TURN_LOG_LEVEL level, const char* format, ...)
/* Fix for Issue 24, raised by John Selbie: */
#define MAX_RTPPRINTF_BUFFER_SIZE (1024)
char s[MAX_RTPPRINTF_BUFFER_SIZE+1];
#undef MAX_RTPPRINTF_BUFFER_SIZE
size_t so_far = 0;
if (use_new_log_timestamp_format) {
time_t now = time(NULL);
@ -549,6 +548,10 @@ void turn_log_func_default(TURN_LOG_LEVEL level, const char* format, ...)
}
so_far += snprintf(s + so_far, sizeof(s)-100, (level == TURN_LOG_LEVEL_ERROR) ? ": ERROR: " : ": ");
so_far += vsnprintf(s + so_far,sizeof(s) - (so_far+1), format, args);
if(so_far > MAX_RTPPRINTF_BUFFER_SIZE+1)
{
so_far=MAX_RTPPRINTF_BUFFER_SIZE+1;
}
if(!no_stdout_log)
fwrite(s, so_far, 1, stdout);
/* write to syslog or to log file */