logging/gsmtap: fix buffer overflow in _gsmtap_raw_output()
According to the man page, vsnprintf() returns:
- a negative value in case of error;
- the number of characters written (excluding '\0');
- the number of characters which *would have been written*
if enough space had been available (excluding '\0').
We need to detect if the output was truncated, and properly
limit the amount of bytes to be reserved within a msgb.
Change-Id: Ifa822edf900ed925ba935c54a28c797c4657358a
diff --git a/src/logging_gsmtap.c b/src/logging_gsmtap.c
index f17f292..98d2aad 100644
--- a/src/logging_gsmtap.c
+++ b/src/logging_gsmtap.c
@@ -102,6 +102,12 @@
if (rc < 0) {
msgb_free(msg);
return;
+ } else if (rc >= msgb_tailroom(msg)) {
+ /* If the output was truncated, vsnprintf() returns the
+ * number of characters which would have been written
+ * if enough space had been available (excluding '\0'). */
+ rc = msgb_tailroom(msg);
+ msg->tail[rc - 1] = '\0';
}
msgb_put(msg, rc);