From 7369d96f8361c523a7ae4753391a9a7336a89fb8 Mon Sep 17 00:00:00 2001
From: Benny Prijono
Date: Tue, 8 Oct 2013 09:08:13 +0000
Subject: Re #1703: fixing general bugs. First installment: correct handling of snprintf return value
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@4613 74dad513-b988-da41-8d7b-12977e46ad98
---
 pjlib-util/src/pjlib-util/dns_dump.c | 8 ++++----
 pjlib-util/src/pjlib-util/errno.c | 3 ++-
 pjlib-util/src/pjlib-util/http_client.c | 12 ++++++++----
 3 files changed, 14 insertions(+), 9 deletions(-)
(limited to 'pjlib-util')
diff --git a/pjlib-util/src/pjlib-util/dns_dump.c b/pjlib-util/src/pjlib-util/dns_dump.c
index 95e58c79..c3c776ba 100644
--- a/pjlib-util/src/pjlib-util/dns_dump.c
+++ b/pjlib-util/src/pjlib-util/dns_dump.c
@@ -36,7 +36,7 @@ static const char *spell_ttl(char *buf, int size, unsigned ttl)
 if (ttl > DAY) {
 len = pj_ansi_snprintf(p, size, "%dd ", ttl/DAY);
- if (len < 1)
+ if (len < 1 || len >= size)
 return "-err-";
 size -= len;
 p += len;
@@ -45,7 +45,7 @@ static const char *spell_ttl(char *buf, int size, unsigned ttl)
 if (ttl > HOUR) {
 len = pj_ansi_snprintf(p, size, "%dh ", ttl/HOUR);
- if (len < 1)
+ if (len < 1 || len >= size)
 return "-err-";
 size -= len;
 p += len;
@@ -54,7 +54,7 @@ static const char *spell_ttl(char *buf, int size, unsigned ttl)
 if (ttl > MINUTE) {
 len = pj_ansi_snprintf(p, size, "%dm ", ttl/MINUTE);
- if (len < 1)
+ if (len < 1 || len >= size)
 return "-err-";
 size -= len;
 p += len;
@@ -63,7 +63,7 @@ static const char *spell_ttl(char *buf, int size, unsigned ttl)
 if (ttl > 0) {
 len = pj_ansi_snprintf(p, size, "%ds ", ttl);
- if (len < 1)
+ if (len < 1 || len >= size)
 return "-err-";
 size -= len;
 p += len;
diff --git a/pjlib-util/src/pjlib-util/errno.c b/pjlib-util/src/pjlib-util/errno.c
index 1949d05e..29bd765b 100644
--- a/pjlib-util/src/pjlib-util/errno.c
+++ b/pjlib-util/src/pjlib-util/errno.c
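Review bot: The format strings in spell_ttl still pass `unsigned` values to the signed `%d` conversion: `ttl` is declared `unsigned` in the signature shown in the hunk headers, yet the context lines of all four hunks (-36, -45, -54 and -63) use `"%dd "`, `"%dh "`, `"%dm "` and `"%ds "`. Using `%u` would match the argument type, e.g. `len = pj_ansi_snprintf(p, size, "%ud ", ttl/DAY);`, assuming DAY, HOUR and MINUTE (defined outside these hunks) do not change the type of the quotient. The added `len >= size` guard would also benefit from a one-line comment such as `/* len >= size: output was truncated, do not advance p past the buffer */`. The body of spell_ttl starts and ends outside these hunks.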
@@ -166,7 +166,8 @@ pj_str_t pjlib_util_strerror(pj_status_t statcode,
 errstr.slen = pj_ansi_snprintf(buf, bufsize, "Unknown pjlib-util error %d", statcode);
-
+ if (errstr.slen < 1 || errstr.slen >= (pj_ssize_t)bufsize)
+ errstr.slen = bufsize - 1;
 return errstr;
 }
diff --git a/pjlib-util/src/pjlib-util/http_client.c b/pjlib-util/src/pjlib-util/http_client.c
index 941683ef..ceb4c602 100644
--- a/pjlib-util/src/pjlib-util/http_client.c
+++ b/pjlib-util/src/pjlib-util/http_client.c
@@ -1358,6 +1358,7 @@ static pj_status_t auth_respond_digest(pj_http_req *hreq)
 if (chal->qop.slen == 0) {
 const pj_str_t STR_MD5 = { "MD5", 3 };
+ int max_len;
 /* Server doesn't require quality of protection. */
 auth_create_digest_response(&digest_response, cred,
@@ -1365,8 +1366,9 @@ static pj_status_t auth_respond_digest(pj_http_req *hreq)
 &hreq->hurl.path, &chal->realm, &hreq->param.method);
+ max_len = len;
 len = pj_ansi_snprintf(
- phdr->value.ptr, len,
+ phdr->value.ptr, max_len,
 "Digest username=\"%.*s\", "
 "realm=\"%.*s\", "
 "nonce=\"%.*s\", "
@@ -1379,7 +1381,7 @@ static pj_status_t auth_respond_digest(pj_http_req *hreq)
 STR_PREC(hreq->hurl.path),
 STR_PREC(STR_MD5),
 STR_PREC(digest_response));
- if (len < 0)
+ if (len < 0 || len >= max_len)
 return PJ_ETOOSMALL;
 phdr->value.slen = len;
@@ -1391,13 +1393,15 @@ static pj_status_t auth_respond_digest(pj_http_req *hreq)
 const pj_str_t qop = pj_str("auth");
 const pj_str_t nc = pj_str("00000001");
 const pj_str_t cnonce = pj_str("b39971");
+ int max_len;
 auth_create_digest_response(&digest_response, cred, &chal->nonce, &nc, &cnonce, &qop, &hreq->hurl.path, &chal->realm, &hreq->param.method);
+ max_len = len;
 len = pj_ansi_snprintf(
- phdr->value.ptr, len,
+ phdr->value.ptr, max_len,
 "Digest username=\"%.*s\", "
 "realm=\"%.*s\", "
 "nonce=\"%.*s\", "
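Review bot: The clamp `errstr.slen = bufsize - 1;` in pjlib_util_strerror is applied to the error case (`errstr.slen < 1`) as well as to truncation, so after a genuine formatting failure the returned pj_str_t may claim `bufsize - 1` characters that the call never wrote. If `bufsize` is unsigned, as the `(pj_ssize_t)` cast suggests, `bufsize - 1` also wraps when a caller passes 0. Handling the cases separately would avoid both, for example `if (errstr.slen < 0) errstr.slen = 0;` followed by `else if (errstr.slen >= (pj_ssize_t)bufsize) errstr.slen = bufsize ? bufsize - 1 : 0;`. Check first whether any supported platform's snprintf signals truncation with a negative value, because there the existing clamp may be the intended result. The function begins outside the hunk, so how `errstr.ptr` and `buf` are set up cannot be checked here.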
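Review bot: In both branches of auth_respond_digest, `len` still serves as the buffer capacity going into pj_ansi_snprintf and the formatted length coming out. That is why each branch now declares its own `max_len` and copies the capacity right before the call (hunks -1358/-1365 and -1391), and why the same guard appears twice (hunks -1379 and -1416). Declaring one capacity variable before the `if (chal->qop.slen == 0)` test and storing the snprintf result in a separate variable would keep the two truncation checks from drifting apart. A comment on the guard such as `/* result >= capacity: header was truncated, do not send it */` would document why PJ_ETOOSMALL is returned. Separately, the context lines of the qop branch use the constants `cnonce = pj_str("b39971")` and `nc = pj_str("00000001")`; a fixed client nonce and nonce count weaken the protection qop=auth is meant to add, which this commit leaves unchanged and may merit its own fix. The function starts and ends outside these hunks, so where `len` is initialised is not visible.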
@@ -1416,7 +1420,7 @@ static pj_status_t auth_respond_digest(pj_http_req *hreq)
 STR_PREC(qop),
 STR_PREC(nc),
 STR_PREC(cnonce));
- if (len < 0)
+ if (len < 0 || len >= max_len)
 return PJ_ETOOSMALL;
 phdr->value.slen = len;
--
cgit v1.2.3