krishnanadh / rpms / rasdaemon

Forked from rpms/rasdaemon a year ago
Clone
d9e469
From 59f6c44864f914a189cb924dd8fea14cc314bf3f Mon Sep 17 00:00:00 2001
d9e469
From: Aristeu Rozanski <arozansk@redhat.com>
d9e469
Date: Mon, 23 Jun 2014 15:43:41 -0400
d9e469
Subject: [PATCH 1/2] rasdaemon: handle failures of snprintf()
d9e469
d9e469
Florian Weimer found that in bitfield_msg() the return value of
d9e469
snprintf() is used to calculate length ignoring that it can return a
d9e469
negative number. This patch makes bitfield_msg() to stop writing in such
d9e469
case.
d9e469
d9e469
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1035741
d9e469
d9e469
Reported-by: Florian Weimer <fweimer@redhat.com>
d9e469
Signed-off-by: Aristeu Rozanski <arozansk@redhat.com>
d9e469
---
d9e469
 bitfield.c |    4 ++++
d9e469
 1 files changed, 4 insertions(+), 0 deletions(-)
d9e469
d9e469
diff --git a/bitfield.c b/bitfield.c
d9e469
index b2895b4..1690f15 100644
d9e469
--- a/bitfield.c
d9e469
+++ b/bitfield.c
d9e469
@@ -41,6 +41,8 @@ unsigned bitfield_msg(char *buf, size_t len, const char **bitarray,
d9e469
 		if (status & (1 <<  (i + bit_offset))) {
d9e469
 			if (p != buf) {
d9e469
 				n = snprintf(p, len, ", ");
d9e469
+				if (n < 0)
d9e469
+					break;
d9e469
 				len -= n;
d9e469
 				p += n;
d9e469
 			}
d9e469
@@ -48,6 +50,8 @@ unsigned bitfield_msg(char *buf, size_t len, const char **bitarray,
d9e469
 				n = snprintf(p, len, "BIT%d", i + bit_offset);
d9e469
 			else
d9e469
 				n = snprintf(p, len, "%s", bitarray[i]);
d9e469
+			if (n < 0)
d9e469
+				break;
d9e469
 			len -= n;
d9e469
 			p += n;
d9e469
 		}
d9e469
-- 
d9e469
1.7.1
d9e469