snprintf() truncation occurs if the return value is greater than or
equal to the size of the buffer. Both write_casn_double() and
roaGenerateFilter2() were only checking to see if the return value was
greater than the buffer length. Switch to a greater-than-or-equal-to
check to ensure that any truncation is detected.
---
lib/casn/casn_real.c | 2 +-
lib/rpki/cms/roa_general.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/casn/casn_real.c b/lib/casn/casn_real.c
index 2e361ba..9d08d64 100644
--- a/lib/casn/casn_real.c
+++ b/lib/casn/casn_real.c
@@ -285,7 +285,7 @@ int write_casn_double(
{
*locbuf = 3;
if (snprintf((char *)&locbuf[1], sizeof(locbuf) - 1,
- DBL_PRINTF_EFORMAT, box.dbl_val) > (int)sizeof(locbuf) -
1)
+ DBL_PRINTF_EFORMAT, box.dbl_val) >= (int)sizeof(locbuf) -
1)
return _casn_obj_err(casnp, ASN_BOUNDS_ERR);
for (c = &locbuf[1]; *c; c++); // go to end
while (*(--c) == ' ')
diff --git a/lib/rpki/cms/roa_general.c b/lib/rpki/cms/roa_general.c
index e7e48e0..cf45bac 100644
--- a/lib/rpki/cms/roa_general.c
+++ b/lib/rpki/cms/roa_general.c
@@ -711,7 +711,7 @@ int roaGenerateFilter2(
for (j = 0; j < iAddrNum; j++)
{
while ((iRes = snprintf(rstrp, remLen, "%s %s %s\n", cSID, cAS_ID,
- pcAddresses[j])) > remLen)
+ pcAddresses[j])) >= remLen)
{
int used = rstrp - strp;
strp = (char *)realloc(strp, strLen += FILTER_INCR);
--
2.4.5
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
rpstir-devel mailing list
rpstir-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rpstir-devel
