From f7d1db6cc1bed058ca03747f5c6bdd07ce12be27 Mon Sep 17 00:00:00 2001 From: John Conroy Date: Wed, 13 Jul 2016 17:03:11 -0400 Subject: [PATCH] Truncate strjoin arguments if > DATA_MAX_NAME_LEN If strjoin() runs out of buffer space when joining strings, use the remainder of available space rather than skipping additional strings Reworked return() to avoid extra strlen() call --- src/daemon/common.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/daemon/common.c b/src/daemon/common.c index 05b11990..d1d8bf15 100644 --- a/src/daemon/common.c +++ b/src/daemon/common.c @@ -366,10 +366,12 @@ int strjoin (char *buffer, size_t buffer_size, ptr += sep_len; avail -= sep_len; } + if (avail == 0) + return (-1); field_len = strlen (fields[i]); if (avail < field_len) - return (-1); + field_len = avail; memcpy (ptr, fields[i], field_len); ptr += field_len; @@ -377,7 +379,7 @@ int strjoin (char *buffer, size_t buffer_size, } assert (buffer[buffer_size - 1] == 0); - return ((int) strlen (buffer)); + return ((int) ((buffer_size - 1) - avail)); } int escape_string (char *buffer, size_t buffer_size) -- 2.30.2