Harald Welte has submitted this change and it was merged. Change subject: sccp_helpers: check buf len in append_to_buf() ......................................................................
sccp_helpers: check buf len in append_to_buf() Change-Id: I2e6d656871f952be8e719573fedf2154832841d7 --- M src/sccp_helpers.c 1 file changed, 21 insertions(+), 18 deletions(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified
diff --git a/src/sccp_helpers.c b/src/sccp_helpers.c
index db562db..1e83c8c 100644
--- a/src/sccp_helpers.c
+++ b/src/sccp_helpers.c
@@ -230,16 +230,19 @@
 return osmo_sccp_tx_conn_resp_msg(scu, conn_id, resp_addr, msg);
 }
-static void append_to_buf(char *buf, bool *comma, const char *fmt, ...)
+static void append_to_buf(char *buf, size_t size, bool *comma, const char *fmt, ...)
 {
 va_list ap;
+ size_t printed;
 va_start(ap, fmt);
 if (*comma == true) {
 strcat(buf, ",");
 } else *comma = true;
- vsprintf(buf+strlen(buf), fmt, ap);
+ printed = strlen(buf);
+ OSMO_ASSERT(printed <= size);
+ vsnprintf(buf + printed, size - printed, fmt, ap);
 va_end(ap);
 }
@@ -260,16 +263,16 @@
 if (gt->gti == OSMO_SCCP_GTI_TT_ONLY || gt->gti == OSMO_SCCP_GTI_TT_NPL_ENC || gt->gti == OSMO_SCCP_GTI_TT_NPL_ENC_NAI)
- append_to_buf(buf, &comma, "TT=%u", gt->tt);
+ append_to_buf(buf, sizeof(buf), &comma, "TT=%u", gt->tt);
 if (gt->gti == OSMO_SCCP_GTI_TT_NPL_ENC || gt->gti == OSMO_SCCP_GTI_TT_NPL_ENC_NAI)
- append_to_buf(buf, &comma, "NPL=%u", gt->npi);
+ append_to_buf(buf, sizeof(buf), &comma, "NPL=%u", gt->npi);
 if (gt->gti == OSMO_SCCP_GTI_TT_NPL_ENC_NAI)
- append_to_buf(buf, &comma, "NAI=%u", gt->nai);
+ append_to_buf(buf, sizeof(buf), &comma, "NAI=%u", gt->nai);
- append_to_buf(buf, &comma, "DIG=%s", gt->digits);
+ append_to_buf(buf, sizeof(buf), &comma, "DIG=%s", gt->digits);
 return buf;
 }
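Review bot: The comma is still appended with an unbounded `strcat(buf, ",")` before the new length check runs, so when an earlier call left `buf` full (length `size - 1` after `vsnprintf` truncated), the `,` lands in the last byte and the terminating NUL is written one byte past the buffer. The following `OSMO_ASSERT(printed <= size)` then passes with `printed == size`, a state in which the terminator is already out of bounds; the check should be `printed < size` and run before anything is written. Callers that append several fields in a row (the hunks at -282 and -305) would hit this once any field is truncated; whether that is reachable depends on the buffer sizes, which are declared outside the diff. I would measure the length first, add the comma only when two bytes are free, and start the va_list afterwards so the early return needs no `va_end`.

```c
static void append_to_buf(char *buf, size_t size, bool *comma, const char *fmt, ...)
{
	/* … unchanged: va_list ap and size_t printed declarations … */
	printed = strlen(buf);
	OSMO_ASSERT(printed < size);
	if (*comma == true) {
		/* need room for ',' plus the terminating NUL */
		if (size - printed < 2)
			return;
		buf[printed++] = ',';
		buf[printed] = '\0';
	} else
		*comma = true;
	va_start(ap, fmt);
	vsnprintf(buf + printed, size - printed, fmt, ap);
	va_end(ap);
}
```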
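Review bot: Passing `sizeof(buf)` at each call site gives the buffer length only while `buf` is a true array in this function; its declaration is outside the hunk, so that cannot be confirmed from here, and if it ever became a pointer the bound would silently shrink to the pointer size. The same pattern is repeated in the hunks at -282 and -305. A short comment at the declaration would make the dependency explicit, for example `/* must stay an array: sizeof(buf) is passed to append_to_buf() as the bound */`. Separately, `vsnprintf` truncates without any indication, so an over-long `gt->digits` yields a cut-off dump that a log reader cannot distinguish from a complete one.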
@@ -282,17 +285,17 @@
 buf[0] = '\0';
- append_to_buf(buf, &comma, "RI=%d", addr->ri);
+ append_to_buf(buf, sizeof(buf), &comma, "RI=%d", addr->ri);
 if (addr->presence & OSMO_SCCP_ADDR_T_PC)
- append_to_buf(buf, &comma, "PC=%u", addr->pc);
+ append_to_buf(buf, sizeof(buf), &comma, "PC=%u", addr->pc);
 if (addr->presence & OSMO_SCCP_ADDR_T_SSN)
- append_to_buf(buf, &comma, "SSN=%u", addr->ssn);
+ append_to_buf(buf, sizeof(buf), &comma, "SSN=%u", addr->ssn);
 if (addr->presence & OSMO_SCCP_ADDR_T_IPv4)
- append_to_buf(buf, &comma, "IP=%s", inet_ntoa(addr->ip.v4));
- append_to_buf(buf, &comma, "GTI=%u", addr->gt.gti);
+ append_to_buf(buf, sizeof(buf), &comma, "IP=%s", inet_ntoa(addr->ip.v4));
+ append_to_buf(buf, sizeof(buf), &comma, "GTI=%u", addr->gt.gti);
 if (addr->presence & OSMO_SCCP_ADDR_T_GT)
- append_to_buf(buf, &comma, "GT=(%s)", osmo_sccp_gt_dump(&addr->gt));
+ append_to_buf(buf, sizeof(buf), &comma, "GT=(%s)", osmo_sccp_gt_dump(&addr->gt));
 return buf;
 }
@@ -305,17 +308,17 @@
 buf[0] = '\0';
- append_to_buf(buf, &comma, "RI=%s", osmo_sccp_routing_ind_name(addr->ri));
+ append_to_buf(buf, sizeof(buf), &comma, "RI=%s", osmo_sccp_routing_ind_name(addr->ri));
 if (addr->presence & OSMO_SCCP_ADDR_T_PC)
- append_to_buf(buf, &comma, "PC=%s", osmo_ss7_pointcode_print(ss7, addr->pc));
+ append_to_buf(buf, sizeof(buf), &comma, "PC=%s", osmo_ss7_pointcode_print(ss7, addr->pc));
 if (addr->presence & OSMO_SCCP_ADDR_T_SSN)
- append_to_buf(buf, &comma, "SSN=%s", osmo_sccp_ssn_name(addr->ssn));
+ append_to_buf(buf, sizeof(buf), &comma, "SSN=%s", osmo_sccp_ssn_name(addr->ssn));
 if (addr->presence & OSMO_SCCP_ADDR_T_IPv4)
- append_to_buf(buf, &comma, "IP=%s", inet_ntoa(addr->ip.v4));
- append_to_buf(buf, &comma, "GTI=%s", osmo_sccp_gti_name(addr->gt.gti));
+ append_to_buf(buf, sizeof(buf), &comma, "IP=%s", inet_ntoa(addr->ip.v4));
+ append_to_buf(buf, sizeof(buf), &comma, "GTI=%s", osmo_sccp_gti_name(addr->gt.gti));
 if (addr->presence & OSMO_SCCP_ADDR_T_GT)
- append_to_buf(buf, &comma, "GT=(%s)", osmo_sccp_gt_dump(&addr->gt));
+ append_to_buf(buf, sizeof(buf), &comma, "GT=(%s)", osmo_sccp_gt_dump(&addr->gt));
 return buf;
 }
-- To view, visit https://gerrit.osmocom.org/3366 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I2e6d656871f952be8e719573fedf2154832841d7 Gerrit-PatchSet: 4 Gerrit-Project: libosmo-sccp Gerrit-Branch: master Gerrit-Owner: Neels Hofmeyr <nhofm...@sysmocom.de> Gerrit-Reviewer: Harald Welte <lafo...@gnumonks.org> Gerrit-Reviewer: Jenkins Builder