log: Check message buffer length to avoid overflow
author Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
Tue, 3 Feb 2015 11:10:52 +0000 (12:10 +0100)
committer Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
Tue, 3 Feb 2015 11:10:52 +0000 (12:10 +0100)
Check that adding the strlcpy result to the message length didn't exceed
the size of the message buffer to avoid underflow in calculating the
remaining size and overflowing the buffer.

src/main/log.c

index 7470897..16d3faf 100644 (file)
@@ -311,6 +311,8 @@ void radlog_request(int lvl, int priority, REQUEST *request, const char *msg, ..
 
                if (len < sizeof(buffer)) {
                        len += strlcpy(buffer + len, fr_int2str(levels, (lvl & ~L_CONS), ": "), sizeof(buffer) - len);
+                       if (len >= sizeof(buffer))
+                               len = sizeof(buffer) - 1;
                }
        }
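
Review bot: the two added lines that clamp `len` after the `strlcpy` call carry no comment saying why they are needed. `strlcpy` returns the full length of the source string, not the number of bytes copied, so on truncation `len` steps past `sizeof(buffer)` even though the enclosing `if (len < sizeof(buffer))` passed; a one-line comment to that effect would keep a later cleanup from dropping the clamp as dead code. The clamp also hides the truncation from the caller, which is acceptable for a log prefix but worth stating. Only this one `len += strlcpy(...)` site is visible here; if `radlog_request` appends to `buffer` the same way elsewhere, a small helper that does the append and the clamp together would keep the check from being missed at the other sites.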