From: Simon Ruderich Date: Tue, 6 Sep 2011 14:13:12 +0000 (+0200) Subject: Check return value of snprintf(). X-Git-Url: https://ruderich.org/simon/gitweb/?a=commitdiff_plain;h=a964f7f572ec43c2d2f143bdb4a467f1ea5dbc36;p=tlsproxy%2Ftlsproxy.git Check return value of snprintf(). --- diff --git a/src/connection.c b/src/connection.c index 1d94d79..ed8a594 100644 --- a/src/connection.c +++ b/src/connection.c @@ -371,7 +371,16 @@ static int initialize_tls_session_client(int peer_socket, hostname); return -1; } - snprintf(path, sizeof(path), PROXY_SERVER_CERT_FORMAT, hostname); + result = snprintf(path, sizeof(path), PROXY_SERVER_CERT_FORMAT, hostname); + if (result < 0) { + LOG_PERROR(LOG_ERROR, + "initialize_tls_session_client(): snprintf failed"); + return -1; + } else if ((size_t)result >= sizeof(path)) { + LOG(LOG_ERROR, + "initialize_tls_session_client(): snprintf buffer too short"); + return -1; + } result = gnutls_certificate_allocate_credentials(x509_cred); if (GNUTLS_E_SUCCESS != result) { @@ -555,15 +564,26 @@ static void tls_send_invalid_cert_message(gnutls_session_t session) { #define RESPONSE_ERROR "500 Internal Server Error" #define RESPONSE_MSG "Server certificate validation failed, check logs." + int result; char buffer[sizeof(HTTP_RESPONSE_FORMAT) - 1 /* '\0' */ - 4 * 2 /* four %s */ + (sizeof(RESPONSE_ERROR) - 1 /* '\0' */) * 3 + sizeof(RESPONSE_MSG) - 1 /* '\0' */ + 1 /* '\0' */]; - snprintf(buffer, sizeof(buffer), - HTTP_RESPONSE_FORMAT, - RESPONSE_ERROR, RESPONSE_ERROR, RESPONSE_ERROR, RESPONSE_MSG); + result = snprintf(buffer, sizeof(buffer), + HTTP_RESPONSE_FORMAT, + RESPONSE_ERROR, RESPONSE_ERROR, RESPONSE_ERROR, + RESPONSE_MSG); + if (result < 0) { + LOG_PERROR(LOG_ERROR, + "tls_send_invalid_cert_message(): snprintf failed"); + return; + } else if ((size_t)result >= sizeof(buffer)) { + LOG(LOG_ERROR, + "tls_send_invalid_cert_message(): snprintf buffer too short"); + return; + } gnutls_record_send(session, buffer, sizeof(buffer) - 1); /* don't send trailing '\0' */ diff --git a/src/verify.c b/src/verify.c index 5248dd6..63ca6da 100644 --- a/src/verify.c +++ b/src/verify.c @@ -157,6 +157,8 @@ int verify_tls_connection(gnutls_session_t session, const char *hostname) { int server_certificate_path(FILE **file, const char *hostname, char *path, size_t size) { + int result; + /* Hostname too long. */ if (size - strlen(STORED_SERVER_CERT_FORMAT) <= strlen(hostname)) { LOG(LOG_WARNING, @@ -171,7 +173,16 @@ int server_certificate_path(FILE **file, const char *hostname, hostname); return -1; } - snprintf(path, size, STORED_SERVER_CERT_FORMAT, hostname); + result = snprintf(path, size, STORED_SERVER_CERT_FORMAT, hostname); + if (result < 0) { + LOG_PERROR(LOG_ERROR, + "server_certificate_path(): snprintf failed"); + return -1; + } else if ((size_t)result >= size) { + LOG(LOG_ERROR, + "server_certificate_path(): snprintf buffer too short"); + return -1; + } /* Open the stored certificate file. */ *file = fopen(path, "rb");