Message ID | 20200623123403.31676-5-dxld@darkboxed.org |
---|---|
State | Changes Requested |
Delegated to: | Pablo Neira |
Headers | show |
Series | [libnf_ct,resend,1/8] Handle negative snprintf return values properly | expand |
diff --git a/src/conntrack/snprintf_default.c b/src/conntrack/snprintf_default.c index 2f2f918..d00c5cb 100644 --- a/src/conntrack/snprintf_default.c +++ b/src/conntrack/snprintf_default.c @@ -108,7 +108,7 @@ static int __snprintf_address_ipv6(char *buf, if (!inet_ntop(AF_INET6, &dst, tmp, sizeof(tmp))) return -1; - ret = snprintf(buf+offset, len-size, "%s=%s ", dst_tag, tmp); + ret = snprintf(buf+offset, len, "%s=%s ", dst_tag, tmp); BUFFER_SIZE(ret, size, len, offset); return size;
The previous BUFFER_SIZE() call already updated the remaining 'len'. So there is no need to subtract 'size' again. While this just makes the buffer appear smaller than it is, which is mostly harmless, the subtraction might underflow as 'size > len' is not checked like BUFFER_SIZE() does. Signed-off-by: Daniel Gröber <dxld@darkboxed.org> --- src/conntrack/snprintf_default.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)