This adds verification of os_snprintf() result against the maximum
buffer length. These changes were done automatically with spatch
using the following semantic patch:
@@
expression E1,E2,E3;
statement S1;
@@
E1 = os_snprintf(E2, E3, ...);
- if (\( E1 < 0 \| E1 <= 0 \))
+ if (os_snprintf_error(E3, E1))
(
S1
|
{ ... }
)
Signed-off-by: Jouni Malinen <j@w1.fi>
int fd, len;
len = os_snprintf(buf, sizeof(buf), "%u\n", val);
- if (len < 0)
+ if (os_snprintf_error(sizeof(buf), len))
return -1;
fd = open(path, O_WRONLY);
ret = os_snprintf(value, size, "%u",
entry.uint32_value);
- if (ret <= 0)
+ if (os_snprintf_error(size, ret))
goto error;
} else if (entry.type == DBUS_TYPE_INT32) {
value = os_zalloc(size);
ret = os_snprintf(value, size, "%d",
entry.int32_value);
- if (ret <= 0)
+ if (os_snprintf_error(size, ret))
goto error;
} else
goto error;
goto error;
ret = os_snprintf(value, size, "%u",
entry.uint32_value);
- if (ret <= 0)
+ if (os_snprintf_error(size, ret))
goto error;
} else if (entry.type == DBUS_TYPE_INT32) {
value = os_zalloc(size);
goto error;
ret = os_snprintf(value, size, "%d",
entry.int32_value);
- if (ret <= 0)
+ if (os_snprintf_error(size, ret))
goto error;
} else
goto error;