From d49a336658d772821bee2dbe97df3d4f748c8c4c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 23 Jun 2016 15:32:47 +0200 Subject: [PATCH] Force nul-termination of strings after vsnprintf(). Apparently, on Windows this function might not always be properly terminated. --- src/dropin.c | 1 + src/logger.c | 1 + src/protocol.c | 5 +++-- src/xmalloc.c | 1 + 4 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/dropin.c b/src/dropin.c index eb17aca..cd5563a 100644 --- a/src/dropin.c +++ b/src/dropin.c @@ -140,6 +140,7 @@ int vasprintf(char **buf, const char *fmt, va_list ap) { va_copy(aq, ap); status = vsnprintf(*buf, len, fmt, aq); + buf[len - 1] = 0; va_end(aq); if(status >= 0) diff --git a/src/logger.c b/src/logger.c index 6765cc5..e0e6bca 100644 --- a/src/logger.c +++ b/src/logger.c @@ -109,6 +109,7 @@ void logger(int priority, const char *format, ...) { char message[4096]; const char *messages[] = {message}; vsnprintf(message, sizeof(message), format, ap); + message[sizeof message - 1] = 0; ReportEvent(loghandle, priority, 0, 0, NULL, 1, 0, messages, NULL); } #else diff --git a/src/protocol.c b/src/protocol.c index 5b8b7ba..fa169f3 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -75,10 +75,11 @@ bool send_request(connection_t *c, const char *format, ...) { input buffer anyway */ va_start(args, format); - len = vsnprintf(buffer, MAXBUFSIZE, format, args); + len = vsnprintf(buffer, sizeof buffer, format, args); + buffer[sizeof buffer - 1] = 0; va_end(args); - if(len < 0 || len > MAXBUFSIZE - 1) { + if(len < 0 || len > sizeof buffer - 1) { logger(LOG_ERR, "Output buffer overflow while sending request to %s (%s)", c->name, c->hostname); return false; diff --git a/src/xmalloc.c b/src/xmalloc.c index 39dc03c..a1b1fe8 100644 --- a/src/xmalloc.c +++ b/src/xmalloc.c @@ -155,6 +155,7 @@ int xvasprintf(char **strp, const char *fmt, va_list ap) { int result = vsnprintf(buf, sizeof buf, fmt, ap); if(result < 0) exit(xalloc_exit_failure); + buf[sizeof buf - 1] = 0; *strp = xstrdup(buf); #else int result = vasprintf(strp, fmt, ap); -- 2.25.1