Browse code
Fix commit e473b7c if an inline file happens to have a line break exactly at buffer limit
The check does only for strlen(line) space and buf_printf will only use at
most space -1 and not print the final character ('\n') in this corner.
Since a missing \n only breaks certificates at the start and end marker,
missing line breaks otherwise do not trigger this error.
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1438011191-19389-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9956
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit d40cbf0e2601b35bfb1c0551c6f3907b5c5178ff)
Arne Schwabe authored on 2015/07/28 00:33:11Showing 2 changed files
| ... | ... |
@@ -308,7 +308,10 @@ has_digit (const unsigned char* src) |
| 308 | 308 |
} |
| 309 | 309 |
|
| 310 | 310 |
/* |
| 311 |
- * printf append to a buffer with overflow check |
|
| 311 |
+ * printf append to a buffer with overflow check, |
|
| 312 |
+ * due to usage of vsnprintf, it will leave space for |
|
| 313 |
+ * a final null character and thus use only |
|
| 314 |
+ * capacity - 1 |
|
| 312 | 315 |
*/ |
| 313 | 316 |
bool buf_printf (struct buffer *buf, const char *format, ...) |
| 314 | 317 |
#ifdef __GNUC__ |
| ... | ... |
@@ -3766,7 +3766,7 @@ read_inline_file (struct in_src *is, const char *close_tag, struct gc_arena *gc) |
| 3766 | 3766 |
endtagfound = true; |
| 3767 | 3767 |
break; |
| 3768 | 3768 |
} |
| 3769 |
- if (!buf_safe (&buf, strlen(line))) |
|
| 3769 |
+ if (!buf_safe (&buf, strlen(line)+1)) |
|
| 3770 | 3770 |
{
|
| 3771 | 3771 |
/* Increase buffer size */ |
| 3772 | 3772 |
struct buffer buf2 = alloc_buf (buf.capacity * 2); |