diff options
| author | Moritz Jodeit <moritz@cvs.openbsd.org> | 2007-09-12 08:16:03 +0000 |
|---|---|---|
| committer | Moritz Jodeit <moritz@cvs.openbsd.org> | 2007-09-12 08:16:03 +0000 |
| commit | ff6e774f38830cd812e88ea162def83ecd4bc1e1 (patch) | |
| tree | c662d1d87bb9a5f8f57e9177c094ccd26a5ce430 /lib/libc | |
| parent | 7b7d5a27be57e75ee1b161b6b080ba01c921a9e4 (diff) | |
Remove wrong snprintf(3) truncation checks, which can't be
triggered and are off-by-one anyways. Instead replace them
with correct checks and add all the missing cases.
ok deraadt@
Diffstat (limited to 'lib/libc')
| -rw-r--r-- | lib/libc/rpc/clnt_perror.c | 40 |
1 files changed, 25 insertions, 15 deletions
diff --git a/lib/libc/rpc/clnt_perror.c b/lib/libc/rpc/clnt_perror.c index 788569b39e1..33ca619522a 100644 --- a/lib/libc/rpc/clnt_perror.c +++ b/lib/libc/rpc/clnt_perror.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clnt_perror.c,v 1.19 2006/09/17 17:00:38 thib Exp $ */ +/* $OpenBSD: clnt_perror.c,v 1.20 2007/09/12 08:16:02 moritz Exp $ */ /* * Sun RPC is a product of Sun Microsystems, Inc. and is provided for * unrestricted use provided that this legend is included on all tape @@ -75,11 +75,9 @@ clnt_sperror(CLIENT *rpch, char *s) if (ret == -1) ret = 0; else if (ret >= len) - ret = len; + goto truncated; str += ret; len -= ret; - if (str > strstart + CLNT_PERROR_BUFLEN) - goto truncated; switch (e.re_status) { case RPC_SUCCESS: @@ -99,12 +97,17 @@ clnt_sperror(CLIENT *rpch, char *s) case RPC_CANTSEND: case RPC_CANTRECV: - snprintf(str, len, "; errno = %s", strerror(e.re_errno)); + ret = snprintf(str, len, "; errno = %s", strerror(e.re_errno)); + if (ret == -1 || ret >= len) + goto truncated; break; case RPC_VERSMISMATCH: - snprintf(str, len, "; low version = %u, high version = %u", + ret = snprintf(str, len, + "; low version = %u, high version = %u", e.re_vers.low, e.re_vers.high); + if (ret == -1 || ret >= len) + goto truncated; break; case RPC_AUTHERROR: @@ -112,33 +115,40 @@ clnt_sperror(CLIENT *rpch, char *s) if (ret == -1) ret = 0; else if (ret >= len) - ret = len; + goto truncated; str += ret; len -= ret; - if (str > strstart + CLNT_PERROR_BUFLEN) - goto truncated; err = auth_errmsg(e.re_why); if (err != NULL) { - snprintf(str, len, "%s", err); + ret = snprintf(str, len, "%s", err); + if (ret == -1 || ret >= len) + goto truncated; } else { - snprintf(str, len, + ret = snprintf(str, len, "(unknown authentication error - %d)", (int) e.re_why); + if (ret == -1 || ret >= len) + goto truncated; } break; case RPC_PROGVERSMISMATCH: - snprintf(str, len, "; low version = %u, high version = %u", + ret = snprintf(str, len, + "; low version = %u, high version = %u", e.re_vers.low, e.re_vers.high); + if (ret == -1 || ret >= len) + goto truncated; break; default: /* unknown */ - snprintf(str, len, "; s1 = %u, s2 = %u", + ret = snprintf(str, len, "; s1 = %u, s2 = %u", e.re_lb.s1, e.re_lb.s2); + if (ret == -1 || ret >= len) + goto truncated; break; } - strstart[CLNT_PERROR_BUFLEN-2] = '\0'; - strlcat(strstart, "\n", CLNT_PERROR_BUFLEN); + if (strlcat(strstart, "\n", CLNT_PERROR_BUFLEN) >= CLNT_PERROR_BUFLEN) + goto truncated; return (strstart); truncated: |