The branch master has been updated via d32fc2c51b74c135ae09c3bb04ebe5781edd7571 (commit) via 586d9436c807f5ee5aa82dab79cc6ee40b28bb3e (commit) via 4e1ebda9d9f079ba25638aa8b61393865520c2b1 (commit) from 5c107243877121f84037a5aaf19457f87458e8ed (commit)
- Log ----------------------------------------------------------------- commit d32fc2c51b74c135ae09c3bb04ebe5781edd7571 Author: Pauli <pa...@openssl.org> Date: Tue Apr 13 07:47:31 2021 +1000 bio_printf: add \0 terminators for error returns in floating point conversions. Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14829) commit 586d9436c807f5ee5aa82dab79cc6ee40b28bb3e Author: Pauli <pa...@openssl.org> Date: Mon Apr 12 13:52:19 2021 +1000 bio: note that BIO_sprintf null terminates on insufficient space. Fixes: #14772 Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14829) commit 4e1ebda9d9f079ba25638aa8b61393865520c2b1 Author: Pauli <pa...@openssl.org> Date: Mon Apr 12 11:36:50 2021 +1000 bio: add a malloc failed error to BIO_print Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14829) ----------------------------------------------------------------------- Summary of changes: crypto/bio/b_print.c | 14 ++++++++++---- doc/man3/BIO_printf.pod | 14 ++++++++++---- 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 08d43d3bd5..2f012f42f2 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -620,6 +620,7 @@ fmtfp(char **sbuffer, /* * Should not happen. If we're in F_FORMAT then exp < max? */ + (void)doapr_outch(sbuffer, buffer, currlen, maxlen, '\0'); return 0; } } else { @@ -641,6 +642,7 @@ fmtfp(char **sbuffer, */ if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0) { /* Number too big */ + (void)doapr_outch(sbuffer, buffer, currlen, maxlen, '\0'); return 0; } intpart = (unsigned long)ufvalue; @@ -704,8 +706,10 @@ fmtfp(char **sbuffer, tmpexp = (tmpexp / 10); } while (tmpexp > 0 && eplace < (int)sizeof(econvert)); /* Exponent is huge!! Too big to print */ - if (tmpexp > 0) + if (tmpexp > 0) { + (void)doapr_outch(sbuffer, buffer, currlen, maxlen, '\0'); return 0; + } /* Add a leading 0 for single digit exponents */ if (eplace == 1) econvert[eplace++] = '0'; @@ -835,9 +839,12 @@ doapr_outch(char **sbuffer, *sbuffer = NULL; } else { char *tmpbuf; + tmpbuf = OPENSSL_realloc(*buffer, *maxlen); - if (tmpbuf == NULL) + if (tmpbuf == NULL) { + ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); return 0; + } *buffer = tmpbuf; } } @@ -929,6 +936,5 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) * been large enough.) */ return -1; - else - return (retlen <= INT_MAX) ? (int)retlen : -1; + return (retlen <= INT_MAX) ? (int)retlen : -1; } diff --git a/doc/man3/BIO_printf.pod b/doc/man3/BIO_printf.pod index 2d7c230308..ce3e6b31ad 100644 --- a/doc/man3/BIO_printf.pod +++ b/doc/man3/BIO_printf.pod @@ -18,16 +18,16 @@ BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf =head1 DESCRIPTION BIO_printf() is similar to the standard C printf() function, except that -the output is sent to the specified BIO, B<bio>, rather than standard +the output is sent to the specified BIO, I<bio>, rather than standard output. All common format specifiers are supported. BIO_vprintf() is similar to the vprintf() function found on many platforms, -the output is sent to the specified BIO, B<bio>, rather than standard +the output is sent to the specified BIO, I<bio>, rather than standard output. All common format specifiers are supported. The argument -list B<args> is a stdarg argument list. +list I<args> is a stdarg argument list. BIO_snprintf() is for platforms that do not have the common snprintf() -function. It is like sprintf() except that the size parameter, B<n>, +function. It is like sprintf() except that the size parameter, I<n>, specifies the size of the output buffer. BIO_vsnprintf() is to BIO_snprintf() as BIO_vprintf() is to BIO_printf(). @@ -38,6 +38,12 @@ All functions return the number of bytes written, or -1 on error. For BIO_snprintf() and BIO_vsnprintf() this includes when the output buffer is too small. +=head1 NOTES + +Except when I<n> is 0, both BIO_snprintf() and BIO_vsnprintf() terminate +their output with C<'\0'> even when there is insufficient space to output +the whole string. + =head1 COPYRIGHT Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.