Hello Thomas, > C99 states it will always be zero terminated IIRC. > So this is not a real issue.
I think it is save to snprintf() to short buffers, as long as you don't rely on the return value for length calculations. > - Return value of snprintf() is the number of bytes that would > have been written -if- the destination buffer is not big enough. > See also: http://lwn.net/Articles/69419/ > > A quick grep showed that > > libstrongswan/plugins/pem/pem_encoder.c > > seems to be affected. What do you think? While it is probably no good practice in pem_encoder.c, it seems to be safe, because the buffer size is calculated: > *encoding = chunk_alloc(5 + 2*(6 + strlen(label) + 6) + 3 + pem_chars + > pem_lines); So I don't think it is a real issue (and "label" usually does not come from untrusted sources, but is hardcoded). We had exactly that snprintf() flaw in older releases, see [1]. We carefully reviewed the code for such misuses and fixed [2], [3] and [4]. But of course such input is always welcome, thanks! Regards Martin [1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=NEWS;h=88ca4b1eec35cce61ac5fe994e9eeaea8143acf9;hb=HEAD#l351 [2]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=b8aeaea80c41550982bd06da2e46ba0297d5e945 [3]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=c118559afec96f5cd18509b9157b9c07724d550c [4]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=018543f3a8b620c0604e0598cab72425569b2a15 _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users