This may be a bit heavy-handed, but it's better than continuing with unexpected behavior. Eventually we may want to replace these with more graceful error handling code. --- bin/rpki/chaser.c | 12 ++++++++++-- lib/casn/casn_real.c | 10 ++++++++-- lib/configlib/types/sscanf.c | 10 +++++++--- lib/rpki-rtr/pdu.c | 7 ++++++- lib/rpki/cms/roa_general.c | 5 +++++ 5 files changed, 36 insertions(+), 8 deletions(-)
diff --git a/bin/rpki/chaser.c b/bin/rpki/chaser.c index 0f4dfdd..605b81a 100644 --- a/bin/rpki/chaser.c +++ b/bin/rpki/chaser.c @@ -447,7 +447,11 @@ static int handle_uri_string( } else if (-3 == ret) { - snprintf(scrubbed_str2, 50, "%s", scrubbed_str); + int len = snprintf(scrubbed_str2, 50, "%s", scrubbed_str); + if (len < 0) + { + abort(); + } LOG(LOG_WARNING, "uri too long, dropping: %s <truncated>", scrubbed_str2); goto get_next_section; @@ -760,7 +764,11 @@ int main( if (DB_URI_LEN < strlen(uri)) { scrub_for_print(scrubbed_str, uri, DST_SZ, NULL, ""); - snprintf(msg, 50, "%s", scrubbed_str); + int len = snprintf(msg, 50, "%s", scrubbed_str); + if (len < 0) + { + abort(); + } LOG(LOG_WARNING, "uri from file too long, dropping: %s <truncated>", msg); continue; diff --git a/lib/casn/casn_real.c b/lib/casn/casn_real.c index 942ca1c..112b131 100644 --- a/lib/casn/casn_real.c +++ b/lib/casn/casn_real.c @@ -14,6 +14,7 @@ Remarks: char casn_real_sfcsid[] = "@(#)casn_real.c 860P"; #include <stdio.h> +#include <stdlib.h> #include "casn.h" #include "util/stringutils.h" @@ -285,8 +286,13 @@ int write_casn_double( else if (type == 10) { *locbuf = 3; - if (snprintf((char *)&locbuf[1], sizeof(locbuf) - 1, - DBL_PRINTF_EFORMAT, box.dbl_val) >= (int)sizeof(locbuf) - 1) + int len = snprintf((char *)&locbuf[1], sizeof(locbuf) - 1, + DBL_PRINTF_EFORMAT, box.dbl_val); + if (len < 0) + { + abort(); + } + if (len >= (int)sizeof(locbuf) - 1) return _casn_obj_err(casnp, ASN_BOUNDS_ERR); for (c = &locbuf[1]; *c; c++); // go to end while (*(--c) == ' ') diff --git a/lib/configlib/types/sscanf.c b/lib/configlib/types/sscanf.c index 2f3a198..93ac9a8 100644 --- a/lib/configlib/types/sscanf.c +++ b/lib/configlib/types/sscanf.c @@ -29,9 +29,13 @@ bool config_type_sscanf_converter( return false; } - if ((ssize_t) - xsnprintf(scan_format, sizeof(scan_format), "%%%s%%n", - args->scan_format) >= (ssize_t) sizeof(scan_format)) + int len = snprintf(scan_format, sizeof(scan_format), "%%%s%%n", + args->scan_format); + if (len < 0) + { + abort(); + } + if ((ssize_t)len >= (ssize_t) sizeof(scan_format)) { LOG(LOG_ERR, "scan_format too long: %s", args->scan_format); free(*data); diff --git a/lib/rpki-rtr/pdu.c b/lib/rpki-rtr/pdu.c index 728f513..e4b14de 100644 --- a/lib/rpki-rtr/pdu.c +++ b/lib/rpki-rtr/pdu.c @@ -585,7 +585,12 @@ void pdu_sprint( do { \ if (offset < PDU_SPRINT_BUFSZ) \ { \ - offset += snprintf(buffer + offset, PDU_SPRINT_BUFSZ - offset, format, ## __VA_ARGS__); \ + int SNPRINTF_ret = snprintf(buffer + offset, PDU_SPRINT_BUFSZ - offset, format, ## __VA_ARGS__); \ + if (SNPRINTF_ret < 0) \ + { \ + abort(); \ + } \ + offset += SNPRINTF_ret; \ } \ \ if (offset >= PDU_SPRINT_BUFSZ) \ diff --git a/lib/rpki/cms/roa_general.c b/lib/rpki/cms/roa_general.c index a034b3c..8cdc994 100644 --- a/lib/rpki/cms/roa_general.c +++ b/lib/rpki/cms/roa_general.c @@ -5,6 +5,7 @@ #include <assert.h> #include <arpa/inet.h> +#include <stdlib.h> #include <sys/socket.h> #include <netinet/in.h> #include "roa_utils.h" @@ -719,6 +720,10 @@ int roaGenerateFilter2( rstrp = &strp[used]; remLen += FILTER_INCR; } + if (iRes < 0) + { + abort(); + } remLen -= strlen(rstrp); rstrp += strlen(rstrp); -- 2.4.5 ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ rpstir-devel mailing list rpstir-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rpstir-devel