5ea39608de
- conntrack: fix compiler warnings - src: fix strncpy -Wstringop-truncation warnings - connntrack: Fix for memleak when parsing -j arg - Drop pointless assignments - Don't call exit() from signal handler - read_config_yy: Drop extra argument from dlog() call - helpers: ftp: Avoid ugly casts - Fix potential buffer overrun in snprintf() calls - cache: Fix features array allocation - hash: Flush tables when destroying Resolves: rhbz#2068443
51 lines
1.5 KiB
Diff
51 lines
1.5 KiB
Diff
From a26eb6eba3f318271d3fbd52152ad43acfc15393 Mon Sep 17 00:00:00 2001
|
|
From: Phil Sutter <phil@nwl.cc>
|
|
Date: Thu, 24 Mar 2022 18:14:50 +0100
|
|
Subject: [PATCH] Fix potential buffer overrun in snprintf() calls
|
|
|
|
When consecutively printing into the same buffer at increasing offset,
|
|
reduce buffer size passed to snprintf() to not defeat its size checking.
|
|
|
|
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
(cherry picked from commit 0e05989f3247e9aef0d96aafc144b2d853732891)
|
|
---
|
|
src/process.c | 2 +-
|
|
src/queue.c | 4 ++--
|
|
2 files changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/process.c b/src/process.c
|
|
index 3ddad5ffa7959..08598eeae84de 100644
|
|
--- a/src/process.c
|
|
+++ b/src/process.c
|
|
@@ -84,7 +84,7 @@ void fork_process_dump(int fd)
|
|
int size = 0;
|
|
|
|
list_for_each_entry(this, &process_list, head) {
|
|
- size += snprintf(buf+size, sizeof(buf),
|
|
+ size += snprintf(buf + size, sizeof(buf) - size,
|
|
"PID=%u type=%s\n",
|
|
this->pid,
|
|
this->type < CTD_PROC_MAX ?
|
|
diff --git a/src/queue.c b/src/queue.c
|
|
index 76425b18495b5..e94dc7c45d1fd 100644
|
|
--- a/src/queue.c
|
|
+++ b/src/queue.c
|
|
@@ -69,12 +69,12 @@ void queue_stats_show(int fd)
|
|
int size = 0;
|
|
char buf[512];
|
|
|
|
- size += snprintf(buf+size, sizeof(buf),
|
|
+ size += snprintf(buf + size, sizeof(buf) - size,
|
|
"allocated queue nodes:\t\t%12u\n\n",
|
|
qobjects_num);
|
|
|
|
list_for_each_entry(this, &queue_list, list) {
|
|
- size += snprintf(buf+size, sizeof(buf),
|
|
+ size += snprintf(buf + size, sizeof(buf) - size,
|
|
"queue %s:\n"
|
|
"current elements:\t\t%12u\n"
|
|
"maximum elements:\t\t%12u\n"
|
|
--
|
|
2.34.1
|
|
|