netfilter-devel.vger.kernel.org archive mirror
* [libnftnl PATCH v2] utils: fix buffer reallocation of nft_fprinft()
@ 2014-05-13  9:17 Arturo Borrero Gonzalez
  2014-05-13 15:23 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Arturo Borrero Gonzalez @ 2014-05-13  9:17 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

When _snprintf() reports it would print n characters, that n doesn't include
the trailing \0 that snprintf adds.

Thus, we need to [re]allocate n+1 characters.

While at it, change the reallocation trigger. If the length of the buffer we
used is equal to the expanded string length, the output has been truncated.
In other words, if ret == bufsiz, then the trailing \0 is missing.

Also, check if _snprintf() returned < 0, which means an error occurred.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
v2: check if snprintf() calls failed. Replace calloc with malloc.

 src/utils.c |   13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/utils.c b/src/utils.c
index 18917f5..20a2fa3 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -195,17 +195,24 @@ int nft_fprintf(FILE *fp, void *obj, uint32_t type, uint32_t flags,
 	int ret;
 
 	ret = snprintf_cb(buf, bufsiz, obj, type, flags);
-	if (ret > NFT_SNPRINTF_BUFSIZ) {
-		buf = calloc(1, ret);
+	if (ret < 0)
+		goto out;
+
+	if (ret >= NFT_SNPRINTF_BUFSIZ) {
+		bufsiz = ret + 1;
+
+		buf = malloc(bufsiz);
 		if (buf == NULL)
 			return -1;
 
-		bufsiz = ret;
 		ret = snprintf_cb(buf, bufsiz, obj, type, flags);
+		if (ret < 0)
+			goto out;
 	}
 
 	ret = fprintf(fp, "%s", buf);
 
+out:
 	if (buf != _buf)
 		xfree(buf);
 
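Review bot: the reallocation test "ret >= NFT_SNPRINTF_BUFSIZ" compares against the constant, while the first snprintf_cb() call was passed bufsiz; testing "ret >= bufsiz" would tie the trigger to the buffer actually used, which is how the commit message states the condition (ret == bufsiz). In the same block, the second snprintf_cb() result is checked only for < 0, so a return value >= the new bufsiz (output truncated a second time) would still be passed to fprintf(); consider treating that as an error and taking the "out" path as well. Minor: the malloc() failure still returns -1 directly while the new error paths use "goto out", so the function now has two exit styles; a short comment or a single exit path would keep that readable.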



* Re: [libnftnl PATCH v2] utils: fix buffer reallocation of nft_fprinft()
  2014-05-13  9:17 [libnftnl PATCH v2] utils: fix buffer reallocation of nft_fprinft() Arturo Borrero Gonzalez
@ 2014-05-13 15:23 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2014-05-13 15:23 UTC (permalink / raw)
  To: Arturo Borrero Gonzalez; +Cc: netfilter-devel

On Tue, May 13, 2014 at 11:17:49AM +0200, Arturo Borrero Gonzalez wrote:
> When _snprintf() reports it would print n characters, that n doesn't include
> the trailing \0 that snprintf adds.
> 
> Thus, we need to [re]allocate n+1 characters.
> 
> While at it, change the reallocation trigger. If the length of the buffer we
> used is equal to the expanded string length, the output has been truncated.
> In other words, if ret == bufsiz, then the trailing \0 is missing.
> 
> Also, check if _snprintf() returned < 0, which means an error occurred.

Applied, thanks Arturo.
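
The return-value handling the patch description relies on, as an added example that is not part of this thread or of libnftnl. render_cb(), render_full() and the 16-byte STACK_BUFSIZ are hypothetical names and values chosen here, and the example goes one step beyond the patch by also rejecting a truncated second pass.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STACK_BUFSIZ 16	/* constructed: small so the boundary is easy to hit */

/* Hypothetical callback with the snprintf() contract: returns the length
 * the full output needs, NOT counting the trailing \0, or < 0 on error. */
static int render_cb(char *buf, size_t size, const char *name, int handle)
{
	return snprintf(buf, size, "%s:%d", name, handle);
}

/* Returns a malloc()ed copy of the complete string (caller frees), or NULL.
 * *grew is set to 1 when the stack buffer was too small. */
char *render_full(const char *name, int handle, int *grew)
{
	char stackbuf[STACK_BUFSIZ];
	size_t bufsiz = sizeof(stackbuf);
	char *buf;
	int ret;

	ret = render_cb(stackbuf, bufsiz, name, handle);
	if (ret < 0)
		return NULL;
	/* ret == bufsiz is already truncation: no room was left for the \0 */
	*grew = (size_t)ret >= bufsiz;
	bufsiz = (size_t)ret + 1;	/* + 1 for the trailing \0 */
	buf = malloc(bufsiz);
	if (buf == NULL)
		return NULL;
	if (!*grew) {
		memcpy(buf, stackbuf, bufsiz);	/* first pass was complete */
		return buf;
	}
	ret = render_cb(buf, bufsiz, name, handle);
	if (ret < 0 || (size_t)ret >= bufsiz) {	/* error or truncated again */
		free(buf);
		return NULL;
	}
	return buf;
}

int main(void)
{
	int grew = 0;
	char *s = render_full("abcdefghijklmn", 7, &grew);	/* 16 chars */
	printf("%s grew=%d\n", s ? s : "(error)", grew);
	free(s);
	return 0;
}
```

The 16-character input is the boundary case: with a 16-byte buffer the first pass returns 16, which a "ret > bufsiz" test would accept even though the last character was dropped to make room for the terminator.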