From: Guus Sliepen Date: Thu, 23 Jun 2016 13:32:47 +0000 (+0200) Subject: Force nul-termination of strings after vsnprintf(). X-Git-Tag: release-1.0.29~6 X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=d49a336658d772821bee2dbe97df3d4f748c8c4c;p=tinc Force nul-termination of strings after vsnprintf(). Apparently, on Windows this function might not always be properly terminated. --- diff --git a/src/dropin.c b/src/dropin.c index eb17acaa..cd5563ad 100644 --- a/src/dropin.c +++ b/src/dropin.c @@ -140,6 +140,7 @@ int vasprintf(char **buf, const char *fmt, va_list ap) { va_copy(aq, ap); status = vsnprintf(*buf, len, fmt, aq); + buf[len - 1] = 0; va_end(aq); if(status >= 0) diff --git a/src/logger.c b/src/logger.c index 6765cc5a..e0e6bcad 100644 --- a/src/logger.c +++ b/src/logger.c @@ -109,6 +109,7 @@ void logger(int priority, const char *format, ...) { char message[4096]; const char *messages[] = {message}; vsnprintf(message, sizeof(message), format, ap); + message[sizeof message - 1] = 0; ReportEvent(loghandle, priority, 0, 0, NULL, 1, 0, messages, NULL); } #else diff --git a/src/protocol.c b/src/protocol.c index 5b8b7ba3..fa169f32 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -75,10 +75,11 @@ bool send_request(connection_t *c, const char *format, ...) { input buffer anyway */ va_start(args, format); - len = vsnprintf(buffer, MAXBUFSIZE, format, args); + len = vsnprintf(buffer, sizeof buffer, format, args); + buffer[sizeof buffer - 1] = 0; va_end(args); - if(len < 0 || len > MAXBUFSIZE - 1) { + if(len < 0 || len > sizeof buffer - 1) { logger(LOG_ERR, "Output buffer overflow while sending request to %s (%s)", c->name, c->hostname); return false; diff --git a/src/xmalloc.c b/src/xmalloc.c index 39dc03c7..a1b1fe8b 100644 --- a/src/xmalloc.c +++ b/src/xmalloc.c @@ -155,6 +155,7 @@ int xvasprintf(char **strp, const char *fmt, va_list ap) { int result = vsnprintf(buf, sizeof buf, fmt, ap); if(result < 0) exit(xalloc_exit_failure); + buf[sizeof buf - 1] = 0; *strp = xstrdup(buf); #else int result = vasprintf(strp, fmt, ap);