From 39a88c4c95b21e8368cafca27a0ae1df49a7a673 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 18 Jun 2010 09:28:11 +0200 Subject: [PATCH] snprintf() fixes, version 4.3.5 --- .../credentials/ietf_attributes/ietf_attributes.c | 13 +++++++++++-- src/libstrongswan/utils/identification.c | 12 ++++++++++++ src/pluto/x509.c | 4 ++++ 3 files changed, 27 insertions(+), 2 deletions(-) diff --git a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c index ff3ddeb..de5b85b 100644 --- a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c +++ b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c @@ -159,7 +159,7 @@ static char* get_string(private_ietf_attributes_t *this) enumerator = this->list->create_enumerator(this->list); while (enumerator->enumerate(enumerator, &attr)) { - int written = 0; + int written; if (first) { @@ -168,8 +168,12 @@ static char* get_string(private_ietf_attributes_t *this) else { written = snprintf(pos, len, ", "); + if (written < 0 || written >= len) + { + break; + } pos += written; - len -= written; + len -= written; } switch (attr->type) @@ -194,8 +198,13 @@ static char* get_string(private_ietf_attributes_t *this) break; } default: + written = 0; break; } + if (written < 0 || written >= len) + { + break; + } pos += written; len -= written; } diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index dfb6465..81ee390 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c @@ -300,6 +300,10 @@ static void dntoa(chunk_t dn, char *buf, size_t len) { written = snprintf(buf, len,"%s=", oid_names[oid].name); } + if (written < 0 || written >= len) + { + break; + } buf += written; len -= written; @@ -311,12 +315,20 @@ static void dntoa(chunk_t dn, char *buf, size_t len) { written = snprintf(buf, len, "%#B", &data); } + if (written < 0 || written >= len) + { + break; + } buf += written; len -= written; if (data.ptr + data.len != dn.ptr + dn.len) { written = snprintf(buf, len, ", "); + if (written < 0 || written >= len) + { + break; + } buf += written; len -= written; } diff --git a/src/pluto/x509.c b/src/pluto/x509.c index 47c9cec..2d452cc 100644 --- a/src/pluto/x509.c +++ b/src/pluto/x509.c @@ -538,6 +538,10 @@ void list_x509cert_chain(const char *caption, x509cert_t* cert, { written = snprintf(pos, len, ", %Y", id); } + if (written < 0 || written >= len) + { + break; + } pos += written; len -= written; } -- 1.7.0.4