The return value of snprintf() was frequently ignored and assumed to
be non-negative and less than the buffer length.  Rather than make
these assumptions, always check the return value and abort() if the
return value is unexpected.

https://sourceforge.net/p/rpstir/tickets/25/

Richard Hansen (5):
  fix off-by-one buffer truncation bugs
  use strncpy() instead of snprintf() to copy part of a string
  define xsnprintf() and xvsnprintf() for improved safety
  switch to xsnprintf() wherever the return value is blindly trusted
  call abort() if snprintf() returns negative

 bin/asn1/asn_dump.c          |  11 +--
 bin/rpki-object/makeROA.c    |   5 +-
 bin/rpki-rsync/parse.c       |   7 +-
 bin/rpki-rsync/sig_handler.c |   7 +-
 bin/rpki/chaser.c            |  12 ++-
 bin/rpki/garbage.c           |  45 +++++-----
 bin/rpki/query.c             |  21 ++---
 bin/rpki/rcli.c              |  11 +--
 lib/casn/casn_real.c         |  13 ++-
 lib/config/config.c          |   5 +-
 lib/configlib/config_load.c  |   4 +-
 lib/configlib/configlib.c    |   3 +-
 lib/configlib/types/path.c   |   3 +-
 lib/configlib/types/sscanf.c |  15 ++--
 lib/db/clients/chaser.c      |   9 +-
 lib/rpki-rtr/pdu.c           |   7 +-
 lib/rpki/cms/roa_general.c   |  12 ++-
 lib/rpki/diru.c              |   3 +-
 lib/rpki/initscm.c           |   7 +-
 lib/rpki/myssl.c             |  19 +++--
 lib/rpki/querySupport.c      |  59 ++++++-------
 lib/rpki/rpcommon.c          |  77 ++++++++---------
 lib/rpki/rpwork.c            |  41 ++++-----
 lib/rpki/sqcon.c             |  49 +++++------
 lib/rpki/sqhl.c              | 192 +++++++++++++++++++++----------------------
 lib/util/stringutils.c       |  29 +++++++
 lib/util/stringutils.h       |  24 ++++++
 27 files changed, 396 insertions(+), 294 deletions(-)

-- 
2.4.5
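
Added example, not part of the original message and not rpstir's code: a sketch of the check the cover letter describes, where the snprintf() return value must be non-negative and less than the buffer length, and the wrapper calls abort() otherwise. The names classify_snprintf(), try_snprintf() and checked_snprintf() are hypothetical; the series' own xsnprintf() and xvsnprintf() are not shown on this page.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names for illustration; not the project's API. */
enum fmt_status { FMT_OK, FMT_ERROR, FMT_TRUNCATED };

/* Classify a snprintf()-style return value against the buffer size. */
static enum fmt_status classify_snprintf(int ret, size_t size)
{
    if (ret < 0)
        return FMT_ERROR;       /* output or encoding error */
    if ((size_t)ret >= size)
        return FMT_TRUNCATED;   /* full output needed ret + 1 bytes */
    return FMT_OK;              /* ret bytes written plus the NUL */
}

/* Format into buf and report the outcome instead of assuming success. */
static enum fmt_status try_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int ret = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    return classify_snprintf(ret, size);
}

/* Same call, but abort() on any unexpected return value. */
static int checked_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int ret = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (classify_snprintf(ret, size) != FMT_OK)
        abort();
    return ret;
}

int main(void)
{
    char buf[8];                                 /* constructed sample buffer */
    int n = checked_snprintf(buf, sizeof buf, "%s", "rpstir");
    printf("%d bytes: %s\n", n, buf);
    /* Eight characters plus the NUL do not fit in eight bytes. */
    if (try_snprintf(buf, sizeof buf, "%s", "12345678") == FMT_TRUNCATED)
        printf("truncated to: %s\n", buf);
    return 0;
}
```

A return value equal to the buffer size counts as truncation, because the terminating NUL needs one more byte.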


_______________________________________________
rpstir-devel mailing list
rpstir-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rpstir-devel
