Changeset 4613 for pjproject/trunk/pjlib-util/src/pjlib-util/http_client.c

Timestamp:

Oct 8, 2013 9:08:13 AM (11 years ago)

Author:

bennylp

Message:

Re #1703: fixing general bugs. First installment: correct handling of snprintf return value

File:

• pjproject/trunk/pjlib-util/src/pjlib-util/http_client.c (modified) (6 diffs)

pjproject/trunk/pjlib-util/src/pjlib-util/http_client.c

@@ -1359 +1359 @@
     if (chal->qop.slen == 0) {
         const pj_str_t STR_MD5 = { "MD5", 3 };
+        int max_len;
 
         /* Server doesn't require quality of protection. */
@@ -1366 +1367 @@
                                     &hreq->param.method);
 
+        max_len = len;
         len = pj_ansi_snprintf(
-                phdr->value.ptr, len,
+                phdr->value.ptr, max_len,
                 "Digest username=\"%.*s\", "
                 "realm=\"%.*s\", "
@@ -1380 +1382 @@
                 STR_PREC(STR_MD5),
                 STR_PREC(digest_response));
-        if (len < 0)
+        if (len < 0 || len >= max_len)
             return PJ_ETOOSMALL;
         phdr->value.slen = len;
@@ -1392 +1394 @@
         const pj_str_t nc = pj_str("00000001");
         const pj_str_t cnonce = pj_str("b39971");
+        int max_len;
 
         auth_create_digest_response(&digest_response, cred,
@@ -1397 +1400 @@
                                     &hreq->hurl.path, &chal->realm,
                                     &hreq->param.method);
+        max_len = len;
         len = pj_ansi_snprintf(
-                phdr->value.ptr, len,
+                phdr->value.ptr, max_len,
                 "Digest username=\"%.*s\", "
                 "realm=\"%.*s\", "
@@ -1417 +1421 @@
                 STR_PREC(nc),
                 STR_PREC(cnonce));
-        if (len < 0)
+        if (len < 0 || len >= max_len)
             return PJ_ETOOSMALL;
         phdr->value.slen = len;