This may be a bit heavy-handed, but it's better than continuing with
unexpected behavior. Eventually we may want to replace these with
more graceful error handling code.
---
bin/rpki/chaser.c | 12 ++++++++++--
lib/casn/casn_real.c | 10 ++++++++--
lib/configlib/types/sscanf.c | 10 +++++++---
lib/rpki-rtr/pdu.c | 7 ++++++-
lib/rpki/cms/roa_general.c | 5 +++++
5 files changed, 36 insertions(+), 8 deletions(-)
diff --git a/bin/rpki/chaser.c b/bin/rpki/chaser.c
index 0f4dfdd..605b81a 100644
--- a/bin/rpki/chaser.c
+++ b/bin/rpki/chaser.c
@@ -447,7 +447,11 @@ static int handle_uri_string(
}
else if (-3 == ret)
{
- snprintf(scrubbed_str2, 50, "%s", scrubbed_str);
+ int len = snprintf(scrubbed_str2, 50, "%s", scrubbed_str);
+ if (len < 0)
+ {
+ abort();
+ }
LOG(LOG_WARNING, "uri too long, dropping: %s <truncated>",
scrubbed_str2);
goto get_next_section;
@@ -760,7 +764,11 @@ int main(
if (DB_URI_LEN < strlen(uri))
{
scrub_for_print(scrubbed_str, uri, DST_SZ, NULL, "");
- snprintf(msg, 50, "%s", scrubbed_str);
+ int len = snprintf(msg, 50, "%s", scrubbed_str);
+ if (len < 0)
+ {
+ abort();
+ }
LOG(LOG_WARNING,
"uri from file too long, dropping: %s <truncated>", msg);
continue;
diff --git a/lib/casn/casn_real.c b/lib/casn/casn_real.c
index 942ca1c..112b131 100644
--- a/lib/casn/casn_real.c
+++ b/lib/casn/casn_real.c
@@ -14,6 +14,7 @@ Remarks:
char casn_real_sfcsid[] = "@(#)casn_real.c 860P";
#include <stdio.h>
+#include <stdlib.h>
#include "casn.h"
#include "util/stringutils.h"
@@ -285,8 +286,13 @@ int write_casn_double(
else if (type == 10)
{
*locbuf = 3;
- if (snprintf((char *)&locbuf[1], sizeof(locbuf) - 1,
- DBL_PRINTF_EFORMAT, box.dbl_val) >= (int)sizeof(locbuf) -
1)
+ int len = snprintf((char *)&locbuf[1], sizeof(locbuf) - 1,
+ DBL_PRINTF_EFORMAT, box.dbl_val);
+ if (len < 0)
+ {
+ abort();
+ }
+ if (len >= (int)sizeof(locbuf) - 1)
return _casn_obj_err(casnp, ASN_BOUNDS_ERR);
for (c = &locbuf[1]; *c; c++); // go to end
while (*(--c) == ' ')
diff --git a/lib/configlib/types/sscanf.c b/lib/configlib/types/sscanf.c
index 2f3a198..93ac9a8 100644
--- a/lib/configlib/types/sscanf.c
+++ b/lib/configlib/types/sscanf.c
@@ -29,9 +29,13 @@ bool config_type_sscanf_converter(
return false;
}
- if ((ssize_t)
- xsnprintf(scan_format, sizeof(scan_format), "%%%s%%n",
- args->scan_format) >= (ssize_t) sizeof(scan_format))
+ int len = snprintf(scan_format, sizeof(scan_format), "%%%s%%n",
+ args->scan_format);
+ if (len < 0)
+ {
+ abort();
+ }
+ if ((ssize_t)len >= (ssize_t) sizeof(scan_format))
{
LOG(LOG_ERR, "scan_format too long: %s", args->scan_format);
free(*data);
diff --git a/lib/rpki-rtr/pdu.c b/lib/rpki-rtr/pdu.c
index 728f513..e4b14de 100644
--- a/lib/rpki-rtr/pdu.c
+++ b/lib/rpki-rtr/pdu.c
@@ -585,7 +585,12 @@ void pdu_sprint(
do { \
if (offset < PDU_SPRINT_BUFSZ) \
{ \
- offset += snprintf(buffer + offset,
PDU_SPRINT_BUFSZ - offset, format, ## __VA_ARGS__); \
+ int SNPRINTF_ret = snprintf(buffer + offset,
PDU_SPRINT_BUFSZ - offset, format, ## __VA_ARGS__); \
+ if (SNPRINTF_ret < 0) \
+ { \
+ abort(); \
+ } \
+ offset += SNPRINTF_ret; \
} \
\
if (offset >= PDU_SPRINT_BUFSZ) \
diff --git a/lib/rpki/cms/roa_general.c b/lib/rpki/cms/roa_general.c
index a034b3c..8cdc994 100644
--- a/lib/rpki/cms/roa_general.c
+++ b/lib/rpki/cms/roa_general.c
@@ -5,6 +5,7 @@
#include <assert.h>
#include <arpa/inet.h>
+#include <stdlib.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include "roa_utils.h"
@@ -719,6 +720,10 @@ int roaGenerateFilter2(
rstrp = &strp[used];
remLen += FILTER_INCR;
}
+ if (iRes < 0)
+ {
+ abort();
+ }
remLen -= strlen(rstrp);
rstrp += strlen(rstrp);
--
2.4.5
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
rpstir-devel mailing list
rpstir-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rpstir-devel
