fix for potential buffer overflow in snprintf() (from OpenBSD)
parent
c93c016461
commit
4b0ce4e260
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: gzio.c,v 1.13 2003/01/28 22:35:02 wiz Exp $ */
|
||||
/* $NetBSD: gzio.c,v 1.14 2003/03/05 01:15:48 christos Exp $ */
|
||||
|
||||
/* gzio.c -- IO on .gz files
|
||||
* Copyright (C) 1995-2002 Jean-loup Gailly.
|
||||
|
@ -7,7 +7,7 @@
|
|||
* Compile this file with -DNO_DEFLATE to avoid the compression code.
|
||||
*/
|
||||
|
||||
/* @(#) $Id: gzio.c,v 1.13 2003/01/28 22:35:02 wiz Exp $ */
|
||||
/* @(#) $Id: gzio.c,v 1.14 2003/03/05 01:15:48 christos Exp $ */
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
|
@ -532,13 +532,13 @@ int ZEXPORTVA gzprintf (gzFile file, const char *format, /* args */ ...)
|
|||
|
||||
va_start(va, format);
|
||||
#ifdef HAS_vsnprintf
|
||||
(void)vsnprintf(buf, sizeof(buf), format, va);
|
||||
len = vsnprintf(buf, sizeof(buf), format, va);
|
||||
#else
|
||||
(void)vsprintf(buf, format, va);
|
||||
len = strlen(buf); /* some *sprintf don't return the nb of bytes written */
|
||||
#endif
|
||||
va_end(va);
|
||||
len = strlen(buf); /* some *sprintf don't return the nb of bytes written */
|
||||
if (len <= 0) return 0;
|
||||
if (len <= 0 || len >= sizeof(buf)) return 0;
|
||||
|
||||
return gzwrite(file, buf, (unsigned)len);
|
||||
}
|
||||
|
@ -555,14 +555,14 @@ int ZEXPORTVA gzprintf (file, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10,
|
|||
int len;
|
||||
|
||||
#ifdef HAS_snprintf
|
||||
snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8,
|
||||
len = snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8,
|
||||
a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
|
||||
#else
|
||||
sprintf(buf, format, a1, a2, a3, a4, a5, a6, a7, a8,
|
||||
a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
|
||||
#endif
|
||||
len = strlen(buf); /* old sprintf doesn't return the nb of bytes written */
|
||||
if (len <= 0) return 0;
|
||||
#endif
|
||||
if (len <= 0 || len >= sizeof(buf)) return 0;
|
||||
|
||||
return gzwrite(file, buf, len);
|
||||
}
|
||||
|
|
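Review bot: The `vsprintf()`/`sprintf()` fallback branches (builds without `HAS_vsnprintf`/`HAS_snprintf`) still format into `buf` with no bound, and the new `len >= sizeof(buf)` test runs only after that write, so on those builds it can at best notice an overflow that has already happened. I would mark both `#else` branches with a comment such as `/* unbounded write: the length check below cannot prevent an overflow here */`, or refuse the fallback at build time unless it is explicitly requested. On the bounded path the check relies on the return value being the would-be length; a pre-C99 `vsnprintf()` that returns the truncated count instead would pass it and write cut-off output silently, which deserves a comment as well. `len` is declared `int` in the second variant, so the comparison with `sizeof(buf)` is mixed-sign; `(size_t)len >= sizeof(buf)` after the `len <= 0` test states the intent. Both gzprintf bodies begin outside their hunks, so the declaration and size of `buf` are not visible here.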