[strongSwan] Accounting Tickets
Martin Willi
martin at strongswan.org
Fri Feb 24 15:23:59 CET 2012
Hello Thomas,
> C99 states it will always be zero terminated IIRC.
> So this is not a real issue.
I think it is safe to snprintf() to short buffers, as long as you don't
rely on the return value for length calculations.
> - Return value of snprintf() is the number of bytes that would
> have been written -if- the destination buffer is not big enough.
> See also: http://lwn.net/Articles/69419/
>
> A quick grep showed that
>
> libstrongswan/plugins/pem/pem_encoder.c
>
> seems to be affected. What do you think?
While it is probably not good practice in pem_encoder.c, it seems to be
safe, because the buffer size is calculated:
> *encoding = chunk_alloc(5 + 2*(6 + strlen(label) + 6) + 3 + pem_chars + pem_lines);
So I don't think it is a real issue (and "label" usually does not come
from untrusted sources, but is hardcoded).
We had exactly that snprintf() flaw in older releases, see [1]. We
carefully reviewed the code for such misuses and fixed [2], [3] and [4].
But of course such input is always welcome, thanks!
Regards
Martin
[1] http://git.strongswan.org/?p=strongswan.git;a=blob;f=NEWS;h=88ca4b1eec35cce61ac5fe994e9eeaea8143acf9;hb=HEAD#l351
[2] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=b8aeaea80c41550982bd06da2e46ba0297d5e945
[3] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=c118559afec96f5cd18509b9157b9c07724d550c
[4] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=018543f3a8b620c0604e0598cab72425569b2a15
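
Added example, not part of the original message and not strongSwan code: a C sketch of the return-value behaviour discussed in this thread, showing snprintf() reporting the length it would have written on truncation, next to a variant that checks for it. The header format string, the function names and the buffer sizes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed PEM-style header format, not taken from pem_encoder.c. */
#define HDR_FMT "-----BEGIN %s-----\n"

/* Unsafe bookkeeping: treats snprintf()'s return value as "bytes written".
 * The write itself stays in bounds; only the returned length is wrong
 * when the output was truncated. */
size_t header_len_unchecked(char *buf, size_t size, const char *label)
{
    return (size_t)snprintf(buf, size, HDR_FMT, label);
}

/* Checked variant: stores the real length in *len and returns 0, or
 * returns -1 on an encoding error or truncation, leaving *len untouched. */
int header_len_checked(char *buf, size_t size, const char *label, size_t *len)
{
    int n = snprintf(buf, size, HDR_FMT, label);

    if (n < 0 || (size_t)n >= size)
        return -1;
    *len = (size_t)n;
    return 0;
}

int main(void)
{
    char small[16], big[64];
    size_t len = 0;

    /* 28 characters are needed, only 15 plus the NUL fit into small[]. */
    size_t claimed = header_len_unchecked(small, sizeof(small), "CERTIFICATE");
    printf("claimed=%zu actual=%zu\n", claimed, strlen(small));

    /* Using 'claimed' as an offset, e.g. small + claimed, would point
     * 12 bytes past the end of the buffer. */
    if (header_len_checked(small, sizeof(small), "CERTIFICATE", &len) != 0)
        printf("truncation detected, length not used\n");
    if (header_len_checked(big, sizeof(big), "CERTIFICATE", &len) == 0)
        printf("ok, len=%zu\n", len);
    return 0;
}
```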