1
From c7fb3470c6140786fa97e35f1d488ce6a0b7af4e Mon Sep 17 00:00:00 2001
2
From: Balazs Scheidler <bazsi@balabit.hu>
3
Date: Sat, 29 Oct 2011 16:31:18 +0200
4
Subject: [PATCH] logproto: Fix log_proto_file_writer_flush()'s partial
7
If the log messages has different length and only a partial write
8
happen the log_proto_file_writer_flush there are a possible buffer
11
The problematic part is in the calculation about the last written
12
byte of the last written message. The calculation is not just too
13
difficult to follow but use the wrong message length in it.
14
Because of this ther are buffer under/overflow may happen or
15
starting to read the message in wrong position, causing messing the
18
Signed-off-by: SZALAY Attila <sasa@balabit.hu>
19
Signed-off-by: Gergely Nagy <algernon@balabit.hu>
21
lib/logproto.c | 5 +++--
22
1 files changed, 3 insertions(+), 2 deletions(-)
24
diff --git a/lib/logproto.c b/lib/logproto.c
25
index bdf9695..282064c 100644
28
@@ -256,7 +256,7 @@ static LogProtoStatus
29
log_proto_file_writer_flush(LogProto *s)
31
LogProtoFileWriter *self = (LogProtoFileWriter *)s;
32
- gint rc, i, i0, sum, ofs;
33
+ gint rc, i, i0, sum, ofs, pos;
35
/* we might be called from log_writer_deinit() without having a buffer at all */
37
@@ -299,7 +299,8 @@ log_proto_file_writer_flush(LogProto *s)
38
/* allocate and copy the remaning data */
39
self->partial = (guchar *)g_malloc(self->partial_len);
40
ofs = sum - rc; /* the length of the remaning (not processed) chunk in the first message */
41
- memcpy(self->partial, self->buffer[i0].iov_base + rc - (i0 > 0 ? (sum - self->buffer[i0 - 1].iov_len) : 0), ofs);
42
+ pos = self->buffer[i0].iov_len - ofs;
43
+ memcpy(self->partial, self->buffer[i0].iov_base + pos, ofs);
45
while (i < self->buf_count)