X-Patchwork-Submitter: Arturo Borrero
X-Patchwork-Id: 348261
Subject: [libnftnl PATCH v2] internal: fix SNPRINTF_BUFFER_SIZE macro
To: netfilter-devel@vger.kernel.org
From: Arturo Borrero Gonzalez
Cc: pablo@netfilter.org
Date: Tue, 13 May 2014 09:08:15 +0200
Message-ID: <20140513070735.16866.22056.stgit@nfdev.cica.es>

We need to store in 'offset' the complete amount of characters as returned from _snprintf. The value means how many characters long the buffer needs to be in order to store the corresponding string expansion.

Before this patch, in cases where the buffer is smaller than the expansion, then ret > len, and therefore ret = len. So when incrementing offset, we do it with a wrong value.

All previous versions of libnftnl are unable to handle these situations: small buffers (or long string expansion).

BTW, if a caller must reallocate a buffer to the returned value of snprintf, it should be ret + 1.

While at it, let's add a check to know if the last snprintf call failed.

Signed-off-by: Arturo Borrero Gonzalez
---
v2: return if ret < 0. Increment size later.

 src/internal.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/internal.h b/src/internal.h index 6595e70..b06f166 100644 --- a/src/internal.h +++ b/src/internal.h @@ -183,10 +183,12 @@ struct nft_set_elem { }; #define SNPRINTF_BUFFER_SIZE(ret, size, len, offset) \ - size += ret; \ + if (ret < 0) \ + return ret; \ + offset += ret; \ if (ret > len) \ ret = len; \ - offset += ret; \ + size += ret; \ len -= ret; #define div_round_up(n, d) (((n) + (d) - 1) / (d))
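
Review bot: the added `if (ret < 0) return ret;` at the top of SNPRINTF_BUFFER_SIZE hides a return inside a multi-statement macro that is not wrapped in do { ... } while (0). Every function that uses the macro must now return a type compatible with ret and must have nothing to release at that point, and a use under an unbraced if or else would guard only the first statement. Consider wrapping the body in do { ... } while (0), parenthesizing the macro arguments, and adding a comment above the macro that documents the early return. Separately, because `offset += ret;` now runs before the `if (ret > len)` clamp, offset can exceed the buffer size once one expansion has been truncated. If callers compute buf + offset for the next call, that forms a pointer past the end of the buffer even though len has already reached 0, so it is worth confirming how offset is used after truncation and stating in the macro comment that offset is a required length, not a safe write index.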