The check does only for strlen(line) space and buf_printf will only use at most
space -1
and not print the final character ('\n') in this corner. Since a missing \n
only breaks
certificates at the start and end marker, missing line breaks otherwise do not
trigger this
error.
---
src/openvpn/buffer.h | 5 ++++-
src/openvpn/options.c | 3 ++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 5695f64..0dc511b 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -329,7 +329,10 @@ has_digit (const unsigned char* src)
}
/*
- * printf append to a buffer with overflow check
+ * printf append to a buffer with overflow check,
+ * due to usage of vsnprintf, it will leave space for
+ * a final null character and thus use only
+ * capacity - 1
*/
bool buf_printf (struct buffer *buf, const char *format, ...)
#ifdef __GNUC__
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 93baa2b..737d9a2 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3712,7 +3712,7 @@ read_inline_file (struct in_src *is, const char
*close_tag, struct gc_arena *gc)
endtagfound = true;
break;
}
- if (!buf_safe (&buf, strlen(line)))
+ if (!buf_safe (&buf, strlen(line)+1))
{
/* Increase buffer size */
struct buffer buf2 = alloc_buf (buf.capacity * 2);
@@ -3722,6 +3722,7 @@ read_inline_file (struct in_src *is, const char
*close_tag, struct gc_arena *gc)
buf = buf2;
}
buf_printf (&buf, "%s", line);
+
}
if (!endtagfound)
msg (M_FATAL, "ERROR: Endtag %s missing", close_tag);
--
1.9.1
