[MERGED] libosmo-sccp[master]: sccp_helpers: check buf len in append_to_buf()


Harald Welte gerrit-no-reply at lists.osmocom.org
Wed Aug 9 12:58:58 UTC 2017


Harald Welte has submitted this change and it was merged.

Change subject: sccp_helpers: check buf len in append_to_buf()
......................................................................


sccp_helpers: check buf len in append_to_buf()

Change-Id: I2e6d656871f952be8e719573fedf2154832841d7
---
M src/sccp_helpers.c
1 file changed, 21 insertions(+), 18 deletions(-)

Approvals:
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/src/sccp_helpers.c b/src/sccp_helpers.c
index db562db..1e83c8c 100644
--- a/src/sccp_helpers.c
+++ b/src/sccp_helpers.c
@@ -230,16 +230,19 @@
 	return osmo_sccp_tx_conn_resp_msg(scu, conn_id, resp_addr, msg);
 }
 
-static void append_to_buf(char *buf, bool *comma, const char *fmt, ...)
+static void append_to_buf(char *buf, size_t size, bool *comma, const char *fmt, ...)
 {
 	va_list ap;
+	size_t printed;
 
 	va_start(ap, fmt);
 	if (*comma == true) {
 		strcat(buf, ",");
 	} else
 		*comma = true;
-	vsprintf(buf+strlen(buf), fmt, ap);
+	printed = strlen(buf);
+	OSMO_ASSERT(printed <= size);
+	vsnprintf(buf + printed, size - printed, fmt, ap);
 	va_end(ap);
 }
 
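Review bot: The `strcat(buf, ",")` above the new length check is still unbounded, so once an earlier call has filled the buffer (`strlen(buf) == size - 1`) the separator's terminating NUL lands one byte past the end before `OSMO_ASSERT` runs. The assert also accepts `printed == size`, which is exactly that already-overflowed state; it should be `OSMO_ASSERT(printed < size);`. Taking the length first and appending the comma only when it and its NUL still fit closes the gap, as sketched below. The return value of `vsnprintf` is ignored, so truncation stays silent; whether that is acceptable depends on how callers use the dumped string.

```c
static void append_to_buf(char *buf, size_t size, bool *comma, const char *fmt, ...)
{
	/* … unchanged: va_list ap; size_t printed; va_start(ap, fmt) … */
	printed = strlen(buf);
	OSMO_ASSERT(printed < size);
	if (*comma == true) {
		/* add the separator only if it and its NUL still fit */
		if (printed + 1 < size) {
			buf[printed++] = ',';
			buf[printed] = '\0';
		}
	} else
		*comma = true;
	vsnprintf(buf + printed, size - printed, fmt, ap);
	va_end(ap);
}
```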
@@ -260,16 +263,16 @@
 	if (gt->gti == OSMO_SCCP_GTI_TT_ONLY ||
 	    gt->gti == OSMO_SCCP_GTI_TT_NPL_ENC ||
 	    gt->gti == OSMO_SCCP_GTI_TT_NPL_ENC_NAI)
-		append_to_buf(buf, &comma, "TT=%u", gt->tt);
+		append_to_buf(buf, sizeof(buf), &comma, "TT=%u", gt->tt);
 
 	if (gt->gti == OSMO_SCCP_GTI_TT_NPL_ENC ||
 	    gt->gti == OSMO_SCCP_GTI_TT_NPL_ENC_NAI)
-		append_to_buf(buf, &comma, "NPL=%u", gt->npi);
+		append_to_buf(buf, sizeof(buf), &comma, "NPL=%u", gt->npi);
 
 	if (gt->gti == OSMO_SCCP_GTI_TT_NPL_ENC_NAI)
-		append_to_buf(buf, &comma, "NAI=%u", gt->nai);
+		append_to_buf(buf, sizeof(buf), &comma, "NAI=%u", gt->nai);
 
-	append_to_buf(buf, &comma, "DIG=%s", gt->digits);
+	append_to_buf(buf, sizeof(buf), &comma, "DIG=%s", gt->digits);
 
 	return buf;
 }
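Review bot: `sizeof(buf)` at these call sites is the buffer length only if `buf` is declared as a char array inside the function; the declaration lies outside the hunk, so this should be confirmed, since a pointer there would pass the pointer size instead. The same pattern repeats in the two following hunks. A comment at each declaration such as `/* must remain an array: sizeof(buf) is passed to append_to_buf() */` would keep a later change to a pointer or heap buffer from silently shrinking the limit. The `DIG=%s` append of `gt->digits` looks like the most variable-length field here, and if it hits the limit the returned string is cut off without any marker.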
@@ -282,17 +285,17 @@
 
 	buf[0] = '\0';
 
-	append_to_buf(buf, &comma, "RI=%d", addr->ri);
+	append_to_buf(buf, sizeof(buf), &comma, "RI=%d", addr->ri);
 
 	if (addr->presence & OSMO_SCCP_ADDR_T_PC)
-		append_to_buf(buf, &comma, "PC=%u", addr->pc);
+		append_to_buf(buf, sizeof(buf), &comma, "PC=%u", addr->pc);
 	if (addr->presence & OSMO_SCCP_ADDR_T_SSN)
-		append_to_buf(buf, &comma, "SSN=%u", addr->ssn);
+		append_to_buf(buf, sizeof(buf), &comma, "SSN=%u", addr->ssn);
 	if (addr->presence & OSMO_SCCP_ADDR_T_IPv4)
-		append_to_buf(buf, &comma, "IP=%s", inet_ntoa(addr->ip.v4));
-	append_to_buf(buf, &comma, "GTI=%u", addr->gt.gti);
+		append_to_buf(buf, sizeof(buf), &comma, "IP=%s", inet_ntoa(addr->ip.v4));
+	append_to_buf(buf, sizeof(buf), &comma, "GTI=%u", addr->gt.gti);
 	if (addr->presence & OSMO_SCCP_ADDR_T_GT)
-		append_to_buf(buf, &comma, "GT=(%s)", osmo_sccp_gt_dump(&addr->gt));
+		append_to_buf(buf, sizeof(buf), &comma, "GT=(%s)", osmo_sccp_gt_dump(&addr->gt));
 
 	return buf;
 }
@@ -305,17 +308,17 @@
 
 	buf[0] = '\0';
 
-	append_to_buf(buf, &comma, "RI=%s", osmo_sccp_routing_ind_name(addr->ri));
+	append_to_buf(buf, sizeof(buf), &comma, "RI=%s", osmo_sccp_routing_ind_name(addr->ri));
 
 	if (addr->presence & OSMO_SCCP_ADDR_T_PC)
-		append_to_buf(buf, &comma, "PC=%s", osmo_ss7_pointcode_print(ss7, addr->pc));
+		append_to_buf(buf, sizeof(buf), &comma, "PC=%s", osmo_ss7_pointcode_print(ss7, addr->pc));
 	if (addr->presence & OSMO_SCCP_ADDR_T_SSN)
-		append_to_buf(buf, &comma, "SSN=%s", osmo_sccp_ssn_name(addr->ssn));
+		append_to_buf(buf, sizeof(buf), &comma, "SSN=%s", osmo_sccp_ssn_name(addr->ssn));
 	if (addr->presence & OSMO_SCCP_ADDR_T_IPv4)
-		append_to_buf(buf, &comma, "IP=%s", inet_ntoa(addr->ip.v4));
-	append_to_buf(buf, &comma, "GTI=%s", osmo_sccp_gti_name(addr->gt.gti));
+		append_to_buf(buf, sizeof(buf), &comma, "IP=%s", inet_ntoa(addr->ip.v4));
+	append_to_buf(buf, sizeof(buf), &comma, "GTI=%s", osmo_sccp_gti_name(addr->gt.gti));
 	if (addr->presence & OSMO_SCCP_ADDR_T_GT)
-		append_to_buf(buf, &comma, "GT=(%s)", osmo_sccp_gt_dump(&addr->gt));
+		append_to_buf(buf, sizeof(buf), &comma, "GT=(%s)", osmo_sccp_gt_dump(&addr->gt));
 
 	return buf;
 }

-- 
To view, visit https://gerrit.osmocom.org/3366
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I2e6d656871f952be8e719573fedf2154832841d7
Gerrit-PatchSet: 4
Gerrit-Project: libosmo-sccp
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder


