mirror of
https://git.savannah.gnu.org/git/inetutils.git
synced 2026-01-12 00:19:39 +08:00
When logging a message, ASCII control characters are transliterated. This transliteration uses two printable characters for each control character. If the last character that fits into the destination buffer is a control character, the buffer needs place for two characters in addition to the string terminator. This was missing from the code, resulting in a stack-based buffer overflow weakness (CWE-121).

* NEWS: Mention fix.
* src/syslogd.c (printline): Allocate an additional byte in the "line" buffer to account for control character transliteration.
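
The boundary condition described in the commit message, as an added example that is not the inetutils code: a hypothetical `translit_ctrl` helper that checks for room for a character's full expansion plus the terminator before writing it. The `^X` notation, the 8-byte buffer and the sample input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not inetutils code): copy src into dst, writing each
   ASCII control character as two printable characters. The '^' plus
   (c ^ 0100) notation is an assumption for illustration.
   Returns the number of bytes written, excluding the terminator. */
size_t translit_ctrl(char *dst, size_t dstsize, const char *src)
{
    size_t n = 0;

    if (dstsize == 0)
        return 0;
    for (const unsigned char *p = (const unsigned char *)src; *p != '\0'; p++) {
        int is_ctrl = (*p < 0x20 || *p == 0x7f);
        size_t need = is_ctrl ? 2 : 1;

        /* Require room for the whole expansion plus the terminator.
           Testing only "is one byte free?" lets the second byte of a
           pair, and then the terminator, land past the buffer. */
        if (need + 1 > dstsize - n)
            break;
        if (is_ctrl) {
            dst[n++] = '^';
            dst[n++] = (char)(*p ^ 0100);
        } else {
            dst[n++] = (char)*p;
        }
    }
    dst[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed input: the control character is the last one that
       would "fit" under a one-byte check in an 8-byte buffer. */
    struct { char buf[8]; char canary; } s = { "", 'C' };
    size_t n = translit_ctrl(s.buf, sizeof s.buf, "abcdef\x01");

    printf("%zu \"%s\" canary=%c\n", n, s.buf, s.canary);
    return 0;
}
```

This helper truncates before a control character whose pair would not fit; the commit instead enlarges the destination buffer by one byte so the pair and the terminator always have room.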