[dovecot] vsnprintf()
Thomas Wouters (thomas at xs4all.net)
Wed Oct 23 14:18:43 EEST 2002

I think I stumbled upon a bug in the i_snprintf() function. In the case of
vsnprintf() being available, it depends on vsnprintf() returning -1 when the
string was longer than the passed-in limit (or it won't terminate the
string). But this isn't the C99-standardized behaviour, and newer glibc's
don't do that anymore either, so you can end up with a non-terminated
string. This patch should fix it, I think.

Index: strfuncs.c
===================================================================
RCS file: /home/cvs/dovecot/src/lib/strfuncs.c,v
retrieving revision 1.14
diff -c -u -r1.14 strfuncs.c
--- strfuncs.c	20 Oct 2002 03:19:10 -0000	1.14
+++ strfuncs.c	23 Oct 2002 11:19:39 -0000
@@ -401,7 +401,7 @@
 	va_end(args);
 	t_pop();
 
-	if (ret < 0) {
+	if (ret < 0 || ret >= max_chars) {
 		str[max_chars-1] = '\0';
 		ret = strlen(str);
 	}
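
Review bot: The new test `ret >= max_chars` and the write `str[max_chars-1] = '\0'` that follows both assume max_chars is at least 1; with max_chars equal to 0 the index is before the start of str, so an early return or an assertion on max_chars above this block would close that case. The declarations of ret and max_chars are not visible in this hunk: if max_chars is an unsigned type, the comparison mixes signedness, and writing it as `(size_t)ret >= max_chars` after the `ret < 0` test makes the intent explicit. A one-line comment saying that -1 is the older return convention and a value >= max_chars is the C99 one would keep the condition from being simplified away later.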
-- 
Thomas Wouters <thomas at xs4all.net>
Hi! I'm a .signature virus! copy me into your .signature file to help me spread!
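
The termination check the message describes, written out as an added, self-contained example (not part of the original post and not Dovecot's code). The names `bounded_vsnprintf` and `bounded_snprintf` are hypothetical; the sketch also handles a zero-length buffer, which the posted hunk does not show.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Dovecot's i_snprintf(): always leaves str
   NUL-terminated and returns the number of characters actually stored. */
static int bounded_vsnprintf(char *str, size_t max_chars,
			     const char *fmt, va_list args)
{
	int ret;

	if (max_chars == 0)
		return 0;	/* no room even for the terminator */

	ret = vsnprintf(str, max_chars, fmt, args);

	/* Older implementations return -1 on truncation; C99 returns the
	   length the full string would have had, which is >= max_chars
	   when the output did not fit. Treat both as "truncated". */
	if (ret < 0 || (size_t)ret >= max_chars) {
		str[max_chars - 1] = '\0';
		ret = (int)strlen(str);
	}
	return ret;
}

static int bounded_snprintf(char *str, size_t max_chars, const char *fmt, ...)
{
	va_list args;
	int ret;

	va_start(args, fmt);
	ret = bounded_vsnprintf(str, max_chars, fmt, args);
	va_end(args);
	return ret;
}

int main(void)
{
	char buf[8];	/* constructed sample buffer */
	int n = bounded_snprintf(buf, sizeof(buf), "%s", "hello world");

	printf("stored %d chars: \"%s\"\n", n, buf);
	return 0;
}
```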
    
    