From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Fri, 13 Apr 2001 01:41:57 +0000 (+0000)
Subject: Fix a non-exploitable buffer overflow in the word splitting code.  This
X-Git-Tag: SUDO_1_6_4~193
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9dd02e2fb9076b731658ee22998e2d99004f0438;p=sudo

Fix a non-exploitable buffer overflow in the word splitting code.  This
should really be rewritten.
---

diff --git a/logging.c b/logging.c
index c7bd566e4..767219671 100644
--- a/logging.c
+++ b/logging.c
@@ -139,7 +139,8 @@ do_syslog(pri, msg)
     /*
      * Log the full line, breaking into multiple syslog(3) calls if necessary
      */
-    for (p = msg, count = 0; count < strlen(msg) / MAXSYSLOGLEN + 1; count++) {
+    for (p = msg, count = 0; *p && count < strlen(msg) / MAXSYSLOGLEN + 1;
+	count++) {
 	if (strlen(p) > MAXSYSLOGLEN) {
 	    /*
 	     * Break up the line into what will fit on one syslog(3) line
@@ -162,7 +163,7 @@ do_syslog(pri, msg)
 	    *tmp = save;			/* restore saved character */
 
 	    /* Eliminate leading whitespace */
-	    for (p = tmp; *p != ' '; p++)
+	    for (p = tmp; *p != ' ' && *p !='\0'; p++)
 		;
 	} else {
 	    if (count == 0)