RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-08 06:17:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

[MEDIUM] ensure we never overflow in chunk_printf()

Browse Source 
The result of the vsnprintf() called in chunk_printf() must be checked,
and should be added only if lower than the requested size. We simply
return zero if we cannot write the chunk.
This commit is contained in:
Willy Tarreau 2007-07-25 14:38:45 +02:00
parent ca769dc631
commit dceaa0894b
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/buffers.c
View File

@ -193,9 +193,15 @@ int buffer_insert_line2(struct buffer *b, char *pos, const char *str, int len)
int chunk_printf(struct chunk *chk, int size, const char *fmt, ...)
{
va_list argp;
int ret;
va_start(argp, fmt);
chk->len += vsnprintf(chk->str + chk->len, size - chk->len, fmt, argp);
ret = vsnprintf(chk->str + chk->len, size - chk->len, fmt, argp);
if (ret >= size - chk->len)
/* do not copy anything in case of truncation */
chk->str[chk->len] = 0;
else
chk->len += ret;
va_end(argp);
return chk->len;
}