diff options
| author | Joseph Hunkeler <jhunkeler@gmail.com> | 2026-04-28 09:05:35 -0400 |
|---|---|---|
| committer | Joseph Hunkeler <jhunkeler@gmail.com> | 2026-04-28 09:10:11 -0400 |
| commit | 05e48deff2c974911e876b753dfc12614ecbb25e (patch) | |
| tree | b26db9df30031969f3518012a6438e6cbd128bd6 | |
| parent | 6a9f076f69d233f75ec78e74b77fefa5e9ed92db (diff) | |
| download | stasis-05e48deff2c974911e876b753dfc12614ecbb25e.tar.gz | |
Possibly fix buffer overflow reported by stack protector
| -rw-r--r-- | src/lib/core/ini.c | 29 |
1 files changed, 12 insertions, 17 deletions
diff --git a/src/lib/core/ini.c b/src/lib/core/ini.c index 6809051..c166487 100644 --- a/src/lib/core/ini.c +++ b/src/lib/core/ini.c @@ -454,6 +454,9 @@ int ini_write(struct INIFILE *ini, FILE **stream, unsigned mode) { xvalue = ini_getval_str(ini, section_name, key, (int) mode, &err); value = xvalue; } + + const size_t buf_size = sizeof(outvalue); + size_t buf_len = 0; char **parts = split(value, LINE_SEP, 0); for (size_t p = 0; parts && parts[p] != NULL; p++) { char *render = NULL; @@ -470,38 +473,30 @@ int ini_write(struct INIFILE *ini, FILE **stream, unsigned mode) { return -1; } - size_t len = 0; + buf_len = strlen(outvalue); if (*hint == INIVAL_TYPE_STR_ARRAY) { - SYSDEBUG("%s", "array hint."); - int leading_space = isspace(*render); + const int leading_space = isspace(*render); if (leading_space) { - len = sizeof(outvalue) - (size_t) snprintf(NULL, 0, "%s" LINE_SEP, render); - SYSDEBUG("has leading space. buffer remaining=%zu", len); - snprintf(outvalue + strlen(outvalue), len, "%s" LINE_SEP, render); + snprintf(outvalue + buf_len, buf_size - buf_len, "%s" LINE_SEP, render); } else { - len = sizeof(outvalue) - (size_t) snprintf(NULL, 0, " %s" LINE_SEP, render); - SYSDEBUG("no leading space. buffer remaining=%zu", len); - snprintf(outvalue + strlen(outvalue), len, " %s" LINE_SEP, render); + snprintf(outvalue + buf_len, buf_size - buf_len, " %s" LINE_SEP, render); } } else { - len = sizeof(outvalue) - (size_t) snprintf(NULL, 0, "%s", render); - SYSDEBUG("string hint. buffer remaining=%zu", len); - snprintf(outvalue + strlen(outvalue), len, "%s", render); + snprintf(outvalue + buf_len, buf_size - buf_len, "%s", render); } if (mode == INI_WRITE_PRESERVE) { - SYSDEBUG("%s", "freeing rendered value"); guard_free(render); } } guard_array_free(parts); strip(outvalue); - SYSDEBUG("%s", "appending line separator to buffer"); - snprintf(outvalue + strlen(outvalue), sizeof(outvalue) - strlen(outvalue), "%s", LINE_SEP); - SYSDEBUG("buffer final length: %zu", strlen(outvalue)); + // update length of outvalue + buf_len = strlen(outvalue); + + snprintf(outvalue + buf_len, buf_size - buf_len, "%s", LINE_SEP); fprintf(*stream, "%s = %s%s", ini->section[x]->data[y]->key, *hint == INIVAL_TYPE_STR_ARRAY ? LINE_SEP : "", outvalue); - SYSDEBUG("%s", "freeing value"); guard_free(value); } else { fprintf(*stream, "%s = %s", ini->section[x]->data[y]->key, ini->section[x]->data[y]->value); |