Detect or avoid integer overflow in string formatting helpers.

author: Michael Stone <michael@laptop.org> 2008-01-25 08:41:37 (GMT)
committer: Michael Stone <michael@laptop.org> 2008-01-25 08:41:37 (GMT)
commit: 5426c37456b3e12105ed46713e544d0aea81b392 (patch)
tree: 68db5530d7397929bf8df5df78da57bb63e85b2e
parent: 9c373de91bc963e1ff675e12ef5201b31193407f (diff)
1 files changed, 10 insertions, 4 deletions
diff --git a/nss-rainbow.c b/nss-rainbow.c
index 533ca88..c108799 100644
--- a/nss-rainbow.c
+++ b/nss-rainbow.c
@@ -51,7 +51,8 @@ int write_buf(char** buf, size_t * buflen, const char* val)
    * *buf and val should not overlap.
    */
 
-  size_t copy_amt = strlen(val) + 1;
+  LET(size_t copy_amt = strlen(val) + 1, copy_amt == 0,
+      "Integer overflow.", out_err_overflow);
 
   if (*buflen < copy_amt)
     goto out_err_range;
@@ -62,6 +63,10 @@ int write_buf(char** buf, size_t * buflen, const char* val)
   *buflen -= copy_amt;
   return 1;
 
+out_err_overflow:
+  errno = EOVERFLOW;
+  return 0;
+
 out_err_range:
   errno = ERANGE;
   return 0;
@@ -93,13 +98,14 @@ int format_buf(char** buf, size_t* buflen, const char* fmt, ...)
   if (status < 0)
     goto out_err;
 
-  if (safe_buflen < (size_t) status) {
+  size_t written = (size_t) status;
+  if (safe_buflen < written) {
     errno = ERANGE;
     goto out_err;
   }
 
-  *buf += status+1;
-  *buflen -= status+1;
+  *buf += written+1;
+  *buflen -= written+1;
   return 1;
 
 out_err:
author	Michael Stone <michael@laptop.org>	2008-01-25 08:41:37 (GMT)
committer	Michael Stone <michael@laptop.org>	2008-01-25 08:41:37 (GMT)
commit	5426c37456b3e12105ed46713e544d0aea81b392 (patch)
tree	68db5530d7397929bf8df5df78da57bb63e85b2e
parent	9c373de91bc963e1ff675e12ef5201b31193407f (diff)