author | Michael Tuexen <tuexen@fh-muenster.de> | 2020-05-18 14:09:04 +0200 |
---|---|---|
committer | Michael Tuexen <tuexen@fh-muenster.de> | 2020-05-18 14:09:04 +0200 |
commit | d98d2c4c6f4a6a8cafef2a6a2c81de0137a07da0 (patch) | |
tree | 600285fcf4330386fd6cc98a0dc63f44e09be67b | |
parent | a05154264872ec8e5d4143ac841a306f54ace231 (diff) | |
download | usrsctp-d98d2c4c6f4a6a8cafef2a6a2c81de0137a07da0.tar.gz |
Check return value of snprintf().
This should fix https://github.com/sctplab/usrsctp/issues/453.
-rw-r--r-- | programs/daytime_server.c | 6 | ||||
-rw-r--r-- | programs/daytime_server_upcall.c | 6 | ||||
-rw-r--r-- | programs/discard_server.c | 6 | ||||
-rw-r--r-- | programs/echo_server.c | 6 | ||||
-rw-r--r-- | programs/ekr_loop_upcall.c | 4 | ||||
-rw-r--r-- | programs/http_client.c | 12 | ||||
-rw-r--r-- | programs/http_client_upcall.c | 12 | ||||
-rw-r--r-- | programs/programs_helper.c | 17 | ||||
-rw-r--r-- | programs/rtcweb.c | 6 | ||||
-rw-r--r-- | programs/st_client.c | 3 | ||||
-rw-r--r-- | programs/tsctp_upcall.c | 4 | ||||
-rwxr-xr-x | usrsctplib/netinet/sctp_asconf.c | 7 | ||||
-rwxr-xr-x | usrsctplib/netinet/sctp_bsd_addr.c | 4 | ||||
-rwxr-xr-x | usrsctplib/netinet/sctp_indata.c | 173 | ||||
-rwxr-xr-x | usrsctplib/netinet/sctp_input.c | 22 | ||||
-rwxr-xr-x | usrsctplib/netinet/sctp_output.c | 24 | ||||
-rwxr-xr-x | usrsctplib/netinet/sctp_pcb.c | 22 |
17 files changed, 221 insertions, 113 deletions
diff --git a/programs/daytime_server.c b/programs/daytime_server.c index 3e03dc1f..cab27554 100644 --- a/programs/daytime_server.c +++ b/programs/daytime_server.c @@ -111,10 +111,12 @@ main(int argc, char *argv[]) } time(&now); #ifdef _WIN32 - _snprintf(buffer, sizeof(buffer), "%s", ctime(&now)); + if (_snprintf(buffer, sizeof(buffer), "%s", ctime(&now)) < 0) { #else - snprintf(buffer, sizeof(buffer), "%s", ctime(&now)); + if (snprintf(buffer, sizeof(buffer), "%s", ctime(&now)) < 0) { #endif + buffer[0] = '\0'; + } sndinfo.snd_sid = 0; sndinfo.snd_flags = 0; sndinfo.snd_ppid = htonl(DAYTIME_PPID); diff --git a/programs/daytime_server_upcall.c b/programs/daytime_server_upcall.c index b85cb256..87017cf2 100644 --- a/programs/daytime_server_upcall.c +++ b/programs/daytime_server_upcall.c @@ -69,10 +69,12 @@ handle_accept(struct socket *sock, void *data, int flags) } time(&now); #ifdef _WIN32 - _snprintf(buffer, sizeof(buffer), "%s", ctime(&now)); + if (_snprintf(buffer, sizeof(buffer), "%s", ctime(&now)) < 0) { #else - snprintf(buffer, sizeof(buffer), "%s", ctime(&now)); + if (snprintf(buffer, sizeof(buffer), "%s", ctime(&now)) < 0) { #endif + buffer[0] = '\0'; + } sndinfo.snd_sid = 0; sndinfo.snd_flags = 0; sndinfo.snd_ppid = htonl(DAYTIME_PPID); diff --git a/programs/discard_server.c b/programs/discard_server.c index e469b363..b60c6921 100644 --- a/programs/discard_server.c +++ b/programs/discard_server.c @@ -86,10 +86,12 @@ receive_cb(struct socket *sock, union sctp_sockstore addr, void *data, #endif case AF_CONN: #ifdef _WIN32 - _snprintf(namebuf, INET6_ADDRSTRLEN, "%p", addr.sconn.sconn_addr); + if (_snprintf(namebuf, INET6_ADDRSTRLEN, "%p", addr.sconn.sconn_addr) < 0) { #else - snprintf(namebuf, INET6_ADDRSTRLEN, "%p", addr.sconn.sconn_addr); + if (snprintf(namebuf, INET6_ADDRSTRLEN, "%p", addr.sconn.sconn_addr) < 0) { #endif + namebuf[0] = '\0'; + } name = namebuf; port = ntohs(addr.sconn.sconn_port); break; 
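Review bot: On the `_WIN32` branch in main() the `< 0` test does not catch every unterminated result. `_snprintf()` returns a negative value when the text does not fit, but when the text is exactly `sizeof(buffer)` characters long it returns that count and writes no terminating NUL. Adding `buffer[sizeof(buffer) - 1] = '\0';` after the closing `}` of the new `if` closes that gap on both branches. The same applies to the `_snprintf()` calls in daytime_server_upcall.c, discard_server.c, echo_server.c, http_client.c, http_client_upcall.c, programs_helper.c and rtcweb.c, using each site's own buffer and size. main() continues outside the hunk.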
diff --git a/programs/echo_server.c b/programs/echo_server.c index f59a99c8..38fa6f41 100644 --- a/programs/echo_server.c +++ b/programs/echo_server.c @@ -86,10 +86,12 @@ receive_cb(struct socket *sock, union sctp_sockstore addr, void *data, #endif case AF_CONN: #ifdef _WIN32 - _snprintf(namebuf, INET6_ADDRSTRLEN, "%p", addr.sconn.sconn_addr); + if (_snprintf(namebuf, INET6_ADDRSTRLEN, "%p", addr.sconn.sconn_addr) < 0) { #else - snprintf(namebuf, INET6_ADDRSTRLEN, "%p", addr.sconn.sconn_addr); + if (snprintf(namebuf, INET6_ADDRSTRLEN, "%p", addr.sconn.sconn_addr) < 0) { #endif + namebuf[0] = '\0'; + } name = namebuf; port = ntohs(addr.sconn.sconn_port); break; diff --git a/programs/ekr_loop_upcall.c b/programs/ekr_loop_upcall.c index d225fee9..717dfce5 100644 --- a/programs/ekr_loop_upcall.c +++ b/programs/ekr_loop_upcall.c @@ -121,7 +121,9 @@ conn_output(void *addr, void *buf, size_t length, uint8_t tos, uint8_t set_df) FILE *fp; char fname[128]; static int pktnum = 0; - snprintf(fname, sizeof(fname), "pkt-%d", pktnum++); + if (snprintf(fname, sizeof(fname), "pkt-%d", pktnum++) < 0) { + fname[0] = '\0'; + } fp = fopen(fname, "wb"); fwrite((char *)buf + 12, 1, length - 12, fp); fclose(fp); diff --git a/programs/http_client.c b/programs/http_client.c index def03849..03c92860 100644 --- a/programs/http_client.c +++ b/programs/http_client.c 
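Review bot: In conn_output(), falling back to an empty `fname` only moves the failure: `fopen("", "wb")` returns NULL and the unchanged lines then pass that `fp` to `fwrite()` and `fclose()`. Skip the packet dump when formatting fails, and guard the stream with `if ((fp = fopen(fname, "wb")) != NULL) {` around the write and close. The same unchanged lines compute `length - 12` on a `size_t` without checking `length >= 12`, which would be worth fixing alongside. The function body extends beyond the hunk.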
@@ -256,16 +256,20 @@ main(int argc, char *argv[]) if (argc > 6) { #ifdef _WIN32 - _snprintf(request, sizeof(request), "%s %s %s", request_prefix, argv[6], request_postfix); + if (_snprintf(request, sizeof(request), "%s %s %s", request_prefix, argv[6], request_postfix) < 0) { #else - snprintf(request, sizeof(request), "%s %s %s", request_prefix, argv[6], request_postfix); + if (snprintf(request, sizeof(request), "%s %s %s", request_prefix, argv[6], request_postfix) < 0) { #endif + request[0] = '\0'; + } } else { #ifdef _WIN32 - _snprintf(request, sizeof(request), "%s %s %s", request_prefix, "/", request_postfix); + if (_snprintf(request, sizeof(request), "%s %s %s", request_prefix, "/", request_postfix) < 0) { #else - snprintf(request, sizeof(request), "%s %s %s", request_prefix, "/", request_postfix); + if (snprintf(request, sizeof(request), "%s %s %s", request_prefix, "/", request_postfix) < 0) { #endif + request[0] = '\0'; + } } printf("\nHTTP request:\n%s\n", request); diff --git a/programs/http_client_upcall.c b/programs/http_client_upcall.c index 5583b54c..63916266 100644 --- a/programs/http_client_upcall.c +++ b/programs/http_client_upcall.c 
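Review bot: The `request` built from `argv[6]` in main() can be truncated without the new check noticing, because `snprintf()` reports truncation by returning `sizeof(request)` or more, not a negative value. A cut-off request would lose part of `request_postfix` and still be printed and, presumably, sent (the send is outside the hunk). On a negative return the fallback leaves an empty request that takes the same path. Storing the result and testing `if (n < 0 || (size_t)n >= sizeof(request))`, then reporting the error and exiting, would be safer than continuing. The hunk in http_client_upcall.c has the same shape.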
@@ -276,16 +276,20 @@ main(int argc, char *argv[]) if (argc > 6) { #ifdef _WIN32 - _snprintf(request, sizeof(request), "%s %s %s", request_prefix, argv[6], request_postfix); + if (_snprintf(request, sizeof(request), "%s %s %s", request_prefix, argv[6], request_postfix) < 0) { #else - snprintf(request, sizeof(request), "%s %s %s", request_prefix, argv[6], request_postfix); + if (snprintf(request, sizeof(request), "%s %s %s", request_prefix, argv[6], request_postfix) < 0) { #endif + request[0] = '\0'; + } } else { #ifdef _WIN32 - _snprintf(request, sizeof(request), "%s %s %s", request_prefix, "/", request_postfix); + if (_snprintf(request, sizeof(request), "%s %s %s", request_prefix, "/", request_postfix) < 0) { #else - snprintf(request, sizeof(request), "%s %s %s", request_prefix, "/", request_postfix); + if (snprintf(request, sizeof(request), "%s %s %s", request_prefix, "/", request_postfix) < 0) { #endif + request[0] = '\0'; + } } printf("\nHTTP request:\n%s\n", request); diff --git a/programs/programs_helper.c b/programs/programs_helper.c index 0883740f..a8dbd62f 100644 --- a/programs/programs_helper.c +++ b/programs/programs_helper.c @@ -65,8 +65,9 @@ debug_printf_stack(const char *format, ...) timersub(&time_now, &time_main, &time_delta); va_start(ap, format); - //vfprintf(stderr, format, ap); - vsnprintf(charbuf, 1024, format, ap); + if (vsnprintf(charbuf, 1024, format, ap) < 0) { + charbuf[0] = '\0'; + } va_end(ap); fprintf(stderr, "[S][%u.%03u] %s", (unsigned int) time_delta.tv_sec, (unsigned int) time_delta.tv_usec / 1000, charbuf); 
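Review bot: The bound passed to `vsnprintf()` in debug_printf_stack() is the literal `1024`, so it matches `charbuf` only by convention; the declaration is outside the hunk. If `charbuf` is an array local to this function, `vsnprintf(charbuf, sizeof(charbuf), format, ap)` ties the limit to the buffer and survives a later resize. Output longer than the buffer is still dropped silently, since only a negative return is handled.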
@@ -158,18 +159,22 @@ handle_peer_address_change_event(struct sctp_paddr_change *spc) case AF_CONN: sconn = (struct sockaddr_conn *)&spc->spc_aaddr; #ifdef _WIN32 - _snprintf(addr_buf, INET6_ADDRSTRLEN, "%p", sconn->sconn_addr); + if (_snprintf(addr_buf, INET6_ADDRSTRLEN, "%p", sconn->sconn_addr) < 0) { #else - snprintf(addr_buf, INET6_ADDRSTRLEN, "%p", sconn->sconn_addr); + if (snprintf(addr_buf, INET6_ADDRSTRLEN, "%p", sconn->sconn_addr) < 0) { #endif + addr_buf[0] = '\0'; + } addr = addr_buf; break; default: #ifdef _WIN32 - _snprintf(addr_buf, INET6_ADDRSTRLEN, "Unknown family %d", spc->spc_aaddr.ss_family); + if (_snprintf(addr_buf, INET6_ADDRSTRLEN, "Unknown family %d", spc->spc_aaddr.ss_family) < 0) { #else - snprintf(addr_buf, INET6_ADDRSTRLEN, "Unknown family %d", spc->spc_aaddr.ss_family); + if (snprintf(addr_buf, INET6_ADDRSTRLEN, "Unknown family %d", spc->spc_aaddr.ss_family) < 0) { #endif + addr_buf[0] = '\0'; + } addr = addr_buf; break; } diff --git a/programs/rtcweb.c b/programs/rtcweb.c index 1bf3b182..e0d3684a 100644 --- a/programs/rtcweb.c +++ b/programs/rtcweb.c @@ -927,10 +927,12 @@ handle_peer_address_change_event(struct sctp_paddr_change *spc) break; default: #ifdef _WIN32 - _snprintf(addr_buf, INET6_ADDRSTRLEN, "Unknown family %d", spc->spc_aaddr.ss_family); + if (_snprintf(addr_buf, INET6_ADDRSTRLEN, "Unknown family %d", spc->spc_aaddr.ss_family) < 0) { #else - snprintf(addr_buf, INET6_ADDRSTRLEN, "Unknown family %d", spc->spc_aaddr.ss_family); + if (snprintf(addr_buf, INET6_ADDRSTRLEN, "Unknown family %d", spc->spc_aaddr.ss_family) < 0) { #endif + addr_buf[0] = '\0'; + } addr = addr_buf; break; } diff --git a/programs/st_client.c b/programs/st_client.c index da5c53bc..49250bce 100644 --- a/programs/st_client.c +++ b/programs/st_client.c 
@@ -137,6 +137,9 @@ on_connect(struct socket* s) /* memset(buffer, 'A', BUFFER_SIZE); */ /* bufferlen = BUFFER_SIZE; */ bufferlen = snprintf(buffer, BUFFER_SIZE, "GET / HTTP/1.0\r\nUser-agent: libusrsctp\r\nConnection: close\r\n\r\n"); + if (bufferlen < 0) { + return; + } sndinfo.snd_sid = 0; sndinfo.snd_flags = 0; sndinfo.snd_ppid = htonl(DISCARD_PPID); diff --git a/programs/tsctp_upcall.c b/programs/tsctp_upcall.c index fab56891..21f6bba9 100644 --- a/programs/tsctp_upcall.c +++ b/programs/tsctp_upcall.c @@ -151,7 +151,9 @@ static const char *bytes2human(uint64_t bytes) } } - snprintf(output, sizeof(output), "%.02lf %s", human_size, suffix[i]); + if (snprintf(output, sizeof(output), "%.02lf %s", human_size, suffix[i]) < 0) { + output[0] = '\0'; + } return output; } diff --git a/usrsctplib/netinet/sctp_asconf.c b/usrsctplib/netinet/sctp_asconf.c index cb1e53dd..c512628d 100755 --- a/usrsctplib/netinet/sctp_asconf.c +++ b/usrsctplib/netinet/sctp_asconf.c @@ -34,7 +34,7 @@ #ifdef __FreeBSD__ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: head/sys/netinet/sctp_asconf.c 361145 2020-05-17 22:31:38Z tuexen $"); +__FBSDID("$FreeBSD: head/sys/netinet/sctp_asconf.c 361209 2020-05-18 10:07:01Z tuexen $"); #endif #include <netinet/sctp_os.h> @@ -1743,8 +1743,9 @@ sctp_handle_asconf_ack(struct mbuf *m, int offset, char msg[SCTP_DIAG_INFO_LEN]; SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf_ack: got unexpected next serial number! Aborting asoc!\n"); - snprintf(msg, sizeof(msg), "Never sent serial number %8.8x", - serial_num); + if (snprintf(msg, sizeof(msg), "Never sent serial number %8.8x", serial_num) < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); *abort_no_unlock = 1; diff --git a/usrsctplib/netinet/sctp_bsd_addr.c b/usrsctplib/netinet/sctp_bsd_addr.c index 4559cc72..e94da25e 100755 --- a/usrsctplib/netinet/sctp_bsd_addr.c 
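Review bot: The new guard on `bufferlen` in on_connect() rejects only a negative return. A return of `BUFFER_SIZE` or more means the request was truncated while `bufferlen` still holds the untruncated length. If `bufferlen` is later used as the send length (the rest of on_connect() is outside the hunk), the send would read past `buffer`. Consider `if (bufferlen < 0 || bufferlen >= BUFFER_SIZE) {`, and confirm that `bufferlen` is a signed type, since the `< 0` test is always false for an unsigned one.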
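Review bot: The three-line `if (snprintf(msg, sizeof(msg), ...) < 0) { msg[0] = '\0'; }` pattern added in sctp_handle_asconf_ack() is repeated by hand at every call site in sctp_indata.c, sctp_input.c, sctp_output.c and sctp_pcb.c. The failure policy therefore cannot be changed or audited in one place. A single wrapper that formats, checks the result and guarantees termination would reduce each site to one line; a sketch with a proposed name follows. On failure the empty `msg` still goes to `sctp_generate_cause()`, and how that function treats an empty string is not visible here, so it is worth confirming.

```c
/* Proposed helper: format into buf; on failure leave an empty, terminated string. */
static void
sctp_format_diag(char *buf, size_t len, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (len == 0) {
		return;
	}
	va_start(ap, fmt);
	n = vsnprintf(buf, len, fmt, ap);
	va_end(ap);
	if (n < 0) {
		buf[0] = '\0';
	} else if ((size_t)n >= len) {
		/* Truncated: keep the prefix and make termination explicit. */
		buf[len - 1] = '\0';
	}
}

/* ... unchanged: SCTPDBG call in sctp_handle_asconf_ack() ... */
sctp_format_diag(msg, sizeof(msg), "Never sent serial number %8.8x", serial_num);
```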
+++ b/usrsctplib/netinet/sctp_bsd_addr.c @@ -542,7 +542,9 @@ sctp_init_ifns_for_vrf(int vrfid) } else { ifa_flags = 0; } - snprintf(name, SCTP_IFNAMSIZ, "%s%d", ifnet_name(ifn), ifnet_unit(ifn)); + if (snprintf(name, SCTP_IFNAMSIZ, "%s%d", ifnet_name(ifn), ifnet_unit(ifn)) < 0) { + name[0] = '\0'; + } sctp_ifa = sctp_add_addr_to_vrf(vrfid, (void *)ifn, /* XXX */ ifnet_index(ifn), diff --git a/usrsctplib/netinet/sctp_indata.c b/usrsctplib/netinet/sctp_indata.c index c4a7468f..ff1d045e 100755 --- a/usrsctplib/netinet/sctp_indata.c +++ b/usrsctplib/netinet/sctp_indata.c @@ -34,7 +34,7 @@ #ifdef __FreeBSD__ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: head/sys/netinet/sctp_indata.c 360878 2020-05-10 17:19:19Z tuexen $"); +__FBSDID("$FreeBSD: head/sys/netinet/sctp_indata.c 361209 2020-05-18 10:07:01Z tuexen $"); #endif #include <netinet/sctp_os.h> @@ -169,6 +169,9 @@ sctp_build_readq_entry(struct sctp_tcb *stcb, read_queue_e->data = dm; read_queue_e->stcb = stcb; read_queue_e->port_from = stcb->rport; + if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { + read_queue_e->do_not_ref_stcb = 1; + } failed_build: return (read_queue_e); } 
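Review bot: The `do_not_ref_stcb` assignment added to sctp_build_readq_entry() is unrelated to checking snprintf() and is not mentioned in the commit message. The same goes for the copy added in sctp_build_readq_entry_from_ctl(). The flag appears to control whether consumers of the read-queue entry may touch `stcb` while the association is being torn down, so it deserves an explanation at the assignment, for example `/* stcb is about to be freed: mark the entry so consumers do not reference it */` (wording to be confirmed by the author). Putting it in its own commit would also make the lifetime change easier to bisect and backport.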
@@ -447,22 +450,26 @@ sctp_abort_in_reasm(struct sctp_tcb *stcb, struct mbuf *oper; if (stcb->asoc.idata_supported) { - snprintf(msg, sizeof(msg), - "Reass %x,CF:%x,TSN=%8.8x,SID=%4.4x,FSN=%8.8x,MID:%8.8x", - opspot, - control->fsn_included, - chk->rec.data.tsn, - chk->rec.data.sid, - chk->rec.data.fsn, chk->rec.data.mid); + if (snprintf(msg, sizeof(msg), + "Reass %x,CF:%x,TSN=%8.8x,SID=%4.4x,FSN=%8.8x,MID:%8.8x", + opspot, + control->fsn_included, + chk->rec.data.tsn, + chk->rec.data.sid, + chk->rec.data.fsn, chk->rec.data.mid) < 0) { + msg[0] = '\0'; + } } else { - snprintf(msg, sizeof(msg), - "Reass %x,CI:%x,TSN=%8.8x,SID=%4.4x,FSN=%4.4x,SSN:%4.4x", - opspot, - control->fsn_included, - chk->rec.data.tsn, - chk->rec.data.sid, - chk->rec.data.fsn, - (uint16_t)chk->rec.data.mid); + if (snprintf(msg, sizeof(msg), + "Reass %x,CI:%x,TSN=%8.8x,SID=%4.4x,FSN=%4.4x,SSN:%4.4x", + opspot, + control->fsn_included, + chk->rec.data.tsn, + chk->rec.data.sid, + chk->rec.data.fsn, + (uint16_t)chk->rec.data.mid) < 0) { + msg[0] = '\0'; + } } oper = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); sctp_m_freem(chk->data); 
@@ -545,15 +552,19 @@ sctp_queue_data_to_stream(struct sctp_tcb *stcb, */ TAILQ_INSERT_HEAD(&strm->inqueue, control, next_instrm); if (asoc->idata_supported) { - snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x", - strm->last_mid_delivered, control->sinfo_tsn, - control->sinfo_stream, control->mid); + if (snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x", + strm->last_mid_delivered, control->sinfo_tsn, + control->sinfo_stream, control->mid) < 0) { + msg[0] = '\0'; + } } else { - snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", - (uint16_t)strm->last_mid_delivered, - control->sinfo_tsn, - control->sinfo_stream, - (uint16_t)control->mid); + if (snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", + (uint16_t)strm->last_mid_delivered, + control->sinfo_tsn, + control->sinfo_stream, + (uint16_t)control->mid) < 0) { + msg[0] = '\0'; + } } op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_2; @@ -660,9 +671,10 @@ sctp_queue_data_to_stream(struct sctp_tcb *stcb, * to put it on the queue. */ if (sctp_place_control_in_stream(strm, asoc, control)) { - snprintf(msg, sizeof(msg), - "Queue to str MID: %u duplicate", - control->mid); + if (snprintf(msg, sizeof(msg), + "Queue to str MID: %u duplicate", control->mid) < 0) { + msg[0] = '\0'; + } sctp_clean_up_control(stcb, control); op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_3; @@ -790,6 +802,7 @@ sctp_build_readq_entry_from_ctl(struct sctp_queued_to_read *nc, struct sctp_queu atomic_add_int(&nc->whoFrom->ref_count, 1); nc->stcb = control->stcb; nc->port_from = control->port_from; + nc->do_not_ref_stcb = control->do_not_ref_stcb; } static void 
@@ -1869,8 +1882,9 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc, * XXX: This can happen in case of a wrap around. * Ignore is for now. */ - snprintf(msg, sizeof(msg), "FSN zero for MID=%8.8x, but flags=%2.2x", - mid, chk_flags); + if (snprintf(msg, sizeof(msg), "FSN zero for MID=%8.8x, but flags=%2.2x", mid, chk_flags) < 0) { + msg[0] = '\0'; + } goto err_out; } control = sctp_find_reasm_entry(&asoc->strmin[sid], mid, ordered, asoc->idata_supported); @@ -1881,7 +1895,9 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc, if (control != NULL) { /* We found something, does it belong? */ if (ordered && (mid != control->mid)) { - snprintf(msg, sizeof(msg), "Reassembly problem (MID=%8.8x)", mid); + if (snprintf(msg, sizeof(msg), "Reassembly problem (MID=%8.8x)", mid) < 0) { + msg[0] = '\0'; + } err_out: op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_16; @@ -1891,14 +1907,20 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc, } if (ordered && ((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED)) { /* We can't have a switched order with an unordered chunk */ - snprintf(msg, sizeof(msg), "All fragments of a user message must be ordered or unordered (TSN=%8.8x)", - tsn); + if (snprintf(msg, sizeof(msg), + "All fragments of a user message must be ordered or unordered (TSN=%8.8x)", + tsn) < 0) { + msg[0] = '\0'; + } goto err_out; } if (!ordered && (((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED) == 0)) { /* We can't have a switched unordered with a ordered chunk */ - snprintf(msg, sizeof(msg), "All fragments of a user message must be ordered or unordered (TSN=%8.8x)", - tsn); + if (snprintf(msg, sizeof(msg), + "All fragments of a user message must be ordered or unordered (TSN=%8.8x)", + tsn) < 0) { + msg[0] = '\0'; + } goto err_out; } } 
@@ -1912,12 +1934,18 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc, if (ordered || asoc->idata_supported) { SCTPDBG(SCTP_DEBUG_XXX, "chunk_flags: 0x%x dup detected on MID: %u\n", chk_flags, mid); - snprintf(msg, sizeof(msg), "Duplicate MID=%8.8x detected.", mid); + if (snprintf(msg, sizeof(msg), "Duplicate MID=%8.8x detected.", mid) < 0) { + msg[0] = '\0'; + } goto err_out; } else { if ((tsn == control->fsn_included + 1) && (control->end_added == 0)) { - snprintf(msg, sizeof(msg), "Illegal message sequence, missing end for MID: %8.8x", control->fsn_included); + if (snprintf(msg, sizeof(msg), + "Illegal message sequence, missing end for MID: %8.8x", + control->fsn_included) < 0) { + msg[0] = '\0'; + } goto err_out; } else { control = NULL; @@ -2014,17 +2042,21 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc, mid, asoc->strmin[sid].last_mid_delivered); if (asoc->idata_supported) { - snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x", - asoc->strmin[sid].last_mid_delivered, - tsn, - sid, - mid); + if (snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x", + asoc->strmin[sid].last_mid_delivered, + tsn, + sid, + mid) < 0) { + msg[0] = '\0'; + } } else { - snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", - (uint16_t)asoc->strmin[sid].last_mid_delivered, - tsn, - sid, - (uint16_t)mid); + if (snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", + (uint16_t)asoc->strmin[sid].last_mid_delivered, + tsn, + sid, + (uint16_t)mid) < 0) { + msg[0] = '\0'; + } } op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_17; 
@@ -2752,7 +2784,9 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length, struct mbuf *op_err; char msg[SCTP_DIAG_INFO_LEN]; - snprintf(msg, sizeof(msg), "%s", "I-DATA chunk received when DATA was negotiated"); + if (snprintf(msg, sizeof(msg), "%s", "I-DATA chunk received when DATA was negotiated") < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_20; sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); @@ -2763,7 +2797,9 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length, struct mbuf *op_err; char msg[SCTP_DIAG_INFO_LEN]; - snprintf(msg, sizeof(msg), "%s", "DATA chunk received when I-DATA was negotiated"); + if (snprintf(msg, sizeof(msg), "%s", "DATA chunk received when I-DATA was negotiated") < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_21; sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); @@ -2786,9 +2822,11 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length, struct mbuf *op_err; char msg[SCTP_DIAG_INFO_LEN]; - snprintf(msg, sizeof(msg), "%s chunk of length %u", - ch->chunk_type == SCTP_DATA ? "DATA" : "I-DATA", - chk_length); + if (snprintf(msg, sizeof(msg), "%s chunk of length %u", + ch->chunk_type == SCTP_DATA ? "DATA" : "I-DATA", + chk_length) < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_22; sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); 
@@ -2855,8 +2893,10 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length, struct mbuf *op_err; char msg[SCTP_DIAG_INFO_LEN]; - snprintf(msg, sizeof(msg), "DATA chunk followed by chunk of type %2.2x", - ch->chunk_type); + if (snprintf(msg, sizeof(msg), "DATA chunk followed by chunk of type %2.2x", + ch->chunk_type) < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); return (2); @@ -2874,8 +2914,9 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length, struct mbuf *op_err; char msg[SCTP_DIAG_INFO_LEN]; - snprintf(msg, sizeof(msg), "Chunk of length %u", - chk_length); + if (snprintf(msg, sizeof(msg), "Chunk of length %u", chk_length) < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_23; sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); @@ -4006,8 +4047,11 @@ sctp_express_handle_sack(struct sctp_tcb *stcb, uint32_t cumack, *abort_now = 1; /* XXX */ - snprintf(msg, sizeof(msg), "Cum ack %8.8x greater or equal than TSN %8.8x", - cumack, send_s); + if (snprintf(msg, sizeof(msg), + "Cum ack %8.8x greater or equal than TSN %8.8x", + cumack, send_s) < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_24; sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); 
@@ -4566,8 +4610,11 @@ sctp_handle_sack(struct mbuf *m, int offset_seg, int offset_dup, hopeless_peer: *abort_now = 1; /* XXX */ - snprintf(msg, sizeof(msg), "Cum ack %8.8x greater or equal than TSN %8.8x", - cum_ack, send_s); + if (snprintf(msg, sizeof(msg), + "Cum ack %8.8x greater or equal than TSN %8.8x", + cum_ack, send_s) < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_28; sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); @@ -5622,9 +5669,11 @@ sctp_handle_forward_tsn(struct sctp_tcb *stcb, * give out). This must be an attacker. */ *abort_flag = 1; - snprintf(msg, sizeof(msg), - "New cum ack %8.8x too high, highest TSN %8.8x", - new_cum_tsn, asoc->highest_tsn_inside_map); + if (snprintf(msg, sizeof(msg), + "New cum ack %8.8x too high, highest TSN %8.8x", + new_cum_tsn, asoc->highest_tsn_inside_map) < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_36; sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); diff --git a/usrsctplib/netinet/sctp_input.c b/usrsctplib/netinet/sctp_input.c index cfc34f87..6cba2891 100755 --- a/usrsctplib/netinet/sctp_input.c +++ b/usrsctplib/netinet/sctp_input.c @@ -34,7 +34,7 @@ #ifdef __FreeBSD__ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: head/sys/netinet/sctp_input.c 360942 2020-05-11 22:47:20Z tuexen $"); +__FBSDID("$FreeBSD: head/sys/netinet/sctp_input.c 361209 2020-05-18 10:07:01Z tuexen $"); #endif #include <netinet/sctp_os.h> 
@@ -4871,7 +4871,9 @@ sctp_process_control(struct mbuf *m, int iphlen, int *offset, int length, } } if (stcb == NULL) { - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), msg); /* no association, so it's out of the blue... */ @@ -4915,7 +4917,9 @@ sctp_process_control(struct mbuf *m, int iphlen, int *offset, int length, if (stcb != NULL) { SCTP_TCB_UNLOCK(stcb); } - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { + msg[0] ='\0'; + } op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), msg); sctp_handle_ootb(m, iphlen, *offset, src, dst, @@ -5887,7 +5891,9 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int lengt #if defined(__FreeBSD__) SCTP_PROBE5(receive, NULL, stcb, m, stcb, sh); #endif - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), msg); sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, @@ -5970,7 +5976,9 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int lengt #if defined(__FreeBSD__) SCTP_PROBE5(receive, NULL, NULL, m, NULL, sh); #endif - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), msg); sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, 
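Review bot: The second hunk in sctp_process_control() writes `msg[0] ='\0';` without a space after `=`, unlike every other site touched by this commit; it should read `msg[0] = '\0';`. It is only a whitespace slip, but the line is new here and the file otherwise uses the spaced form.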
@@ -6056,7 +6064,9 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int lengt /* * We consider OOTB any data sent during asoc setup. */ - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), msg); sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, diff --git a/usrsctplib/netinet/sctp_output.c b/usrsctplib/netinet/sctp_output.c index 839affb6..786b0183 100755 --- a/usrsctplib/netinet/sctp_output.c +++ b/usrsctplib/netinet/sctp_output.c @@ -34,7 +34,7 @@ #ifdef __FreeBSD__ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: head/sys/netinet/sctp_output.c 361145 2020-05-17 22:31:38Z tuexen $"); +__FBSDID("$FreeBSD: head/sys/netinet/sctp_output.c 361209 2020-05-18 10:07:01Z tuexen $"); #endif #include <netinet/sctp_os.h> @@ -6065,7 +6065,9 @@ sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb, if (op_err == NULL) { char msg[SCTP_DIAG_INFO_LEN]; - snprintf(msg, sizeof(msg), "%s:%d at %s", __FILE__, __LINE__, __func__); + if (snprintf(msg, sizeof(msg), "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), msg); } @@ -7304,8 +7306,10 @@ sctp_sendall_iterator(struct sctp_inpcb *inp, struct sctp_tcb *stcb, void *ptr, char msg[SCTP_DIAG_INFO_LEN]; abort_anyway: - snprintf(msg, sizeof(msg), - "%s:%d at %s", __FILE__, __LINE__, __func__); + if (snprintf(msg, sizeof(msg), + "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), msg); atomic_add_int(&stcb->asoc.refcnt, 1); 
@@ -10206,8 +10210,10 @@ sctp_chunk_retransmission(struct sctp_inpcb *inp, struct mbuf *op_err; char msg[SCTP_DIAG_INFO_LEN]; - snprintf(msg, sizeof(msg), "TSN %8.8x retransmitted %d times, giving up", - chk->rec.data.tsn, chk->snd_count); + if (snprintf(msg, sizeof(msg), "TSN %8.8x retransmitted %d times, giving up", + chk->rec.data.tsn, chk->snd_count) < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), msg); atomic_add_int(&stcb->asoc.refcnt, 1); @@ -14809,8 +14815,10 @@ dataless_eof: atomic_add_int(&stcb->asoc.refcnt, -1); free_cnt_applied = 0; } - snprintf(msg, sizeof(msg), - "%s:%d at %s", __FILE__, __LINE__, __func__); + if (snprintf(msg, sizeof(msg), + "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), msg); #if defined(__FreeBSD__) diff --git a/usrsctplib/netinet/sctp_pcb.c b/usrsctplib/netinet/sctp_pcb.c index 431765f2..36fbb55b 100755 --- a/usrsctplib/netinet/sctp_pcb.c +++ b/usrsctplib/netinet/sctp_pcb.c @@ -34,7 +34,7 @@ #ifdef __FreeBSD__ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: head/sys/netinet/sctp_pcb.c 361145 2020-05-17 22:31:38Z tuexen $"); +__FBSDID("$FreeBSD: head/sys/netinet/sctp_pcb.c 361209 2020-05-18 10:07:01Z tuexen $"); #endif #include <netinet/sctp_os.h> 
@@ -606,9 +606,13 @@ sctp_add_addr_to_vrf(uint32_t vrf_id, void *ifn, uint32_t ifn_index, atomic_add_int(&vrf->refcount, 1); sctp_ifnp->ifn_mtu = SCTP_GATHER_MTU_FROM_IFN_INFO(ifn, ifn_index, addr->sa_family); if (if_name != NULL) { - snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", if_name); + if (snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", if_name) < 0) { + sctp_ifnp->ifn_name[0] = '\0'; + } } else { - snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", "unknown"); + if (snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", "unknown") < 0) { + sctp_ifnp->ifn_name[0] = '\0'; + } } hash_ifn_head = &SCTP_BASE_INFO(vrf_ifn_hash)[(ifn_index & SCTP_BASE_INFO(vrf_ifn_hashmark))]; LIST_INIT(&sctp_ifnp->ifalist); @@ -7298,8 +7302,10 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m, char msg[SCTP_DIAG_INFO_LEN]; /* in setup state we abort this guy */ - snprintf(msg, sizeof(msg), - "%s:%d at %s", __FILE__, __LINE__, __func__); + if (snprintf(msg, sizeof(msg), + "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), msg); sctp_abort_an_association(stcb_tmp->sctp_ep, @@ -7392,8 +7398,10 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m, char msg[SCTP_DIAG_INFO_LEN]; /* in setup state we abort this guy */ - snprintf(msg, sizeof(msg), - "%s:%d at %s", __FILE__, __LINE__, __func__); + if (snprintf(msg, sizeof(msg), + "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { + msg[0] = '\0'; + } op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), msg); sctp_abort_an_association(stcb_tmp->sctp_ep, |