From 39a88c4c95b21e8368cafca27a0ae1df49a7a673 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Fri, 18 Jun 2010 09:28:11 +0200
Subject: [PATCH] snprintf() fixes, version 4.3.5
---
 .../credentials/ietf_attributes/ietf_attributes.c  |   13 +++++++++++--
 src/libstrongswan/utils/identification.c           |   12 ++++++++++++
 src/pluto/x509.c                                   |    4 ++++
 3 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
index ff3ddeb..de5b85b 100644
--- a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
+++ b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
@@ -159,7 +159,7 @@ static char* get_string(private_ietf_attributes_t *this)
 		enumerator = this->list->create_enumerator(this->list);
 		while (enumerator->enumerate(enumerator, &attr))
 		{
-			int written = 0;
+			int written;

 			if (first)
 			{
@@ -168,8 +168,12 @@ static char* get_string(private_ietf_attributes_t *this)
 			else
 			{
 				written = snprintf(pos, len, ", ");
+				if (written < 0 || written >= len)
+				{
+					break;
+				}
 				pos += written;
-				len -= written;
+				len -= written;
 			}

 			switch (attr->type)
@@ -194,8 +198,13 @@ static char* get_string(private_ietf_attributes_t *this)
 					break;
 				}
 				default:
+					written = 0;
 					break;
 			}
+			if (written < 0 || written >= len)
+			{
+				break;
+			}
 			pos += written;
 			len -= written;
 		}
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index dfb6465..81ee390 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -300,6 +300,10 @@ static void dntoa(chunk_t dn, char *buf, size_t len)
 		{
 			written = snprintf(buf, len,"%s=", oid_names[oid].name);
 		}
+		if (written < 0 || written >= len)
+		{
+			break;
+		}
 		buf += written;
 		len -= written;

@@ -311,12 +315,20 @@ static void dntoa(chunk_t dn, char *buf, size_t len)
 		{
 			written = snprintf(buf, len, "%#B", &data);
 		}
+		if (written < 0 || written >= len)
+		{
+			break;
+		}
 		buf += written;
 		len -= written;

 		if (data.ptr + data.len != dn.ptr + dn.len)
 		{
 			written = snprintf(buf, len, ", ");
+			if (written < 0 || written >= len)
+			{
+				break;
+			}
 			buf += written;
 			len -= written;
 		}
diff --git a/src/pluto/x509.c b/src/pluto/x509.c
index 47c9cec..2d452cc 100644
--- a/src/pluto/x509.c
+++ b/src/pluto/x509.c
@@ -538,6 +538,10 @@ void list_x509cert_chain(const char *caption, x509cert_t* cert,
 				{
 					written = snprintf(pos, len, ", %Y", id);
 				}
+				if (written < 0 || written >= len)
+				{
+					break;
+				}
 				pos += written;
 				len -= written;
 			}
--
1.7.0.4