utils: fix buffer reallocation of nft_fprinft()

When _snprintf() reports it would print n characters, that n doesn't include
the trailing \0 that snprintf adds.

Thus, we need to [re]allocate n+1 characters.

While at it, change the reallocation trigger. If the length of the buffer we
used is equals to the expanded string length, the output has been truncated.
In other words, if ret == bufsiz, then the trailing \0 is missing.

Also, check if _snprintf() returned < 0, which means an error ocurred.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/utils.c b/src/utils.c
index 18917f579aec6c66f5d4389b97e35cd404406e24..20a2fa3363ec0605ecefb85f6a5546e87dc78bdb 100644 (file)
--- a/src/utils.c
+++ b/src/utils.c
@@ -195,17 +195,24 @@ int nft_fprintf(FILE *fp, void *obj, uint32_t type, uint32_t flags,
        int ret;
 
        ret = snprintf_cb(buf, bufsiz, obj, type, flags);
-       if (ret > NFT_SNPRINTF_BUFSIZ) {
-               buf = calloc(1, ret);
+       if (ret < 0)
+               goto out;
+
+       if (ret >= NFT_SNPRINTF_BUFSIZ) {
+               bufsiz = ret + 1;
+
+               buf = malloc(bufsiz);
                if (buf == NULL)
                        return -1;
 
-               bufsiz = ret;
                ret = snprintf_cb(buf, bufsiz, obj, type, flags);
+               if (ret < 0)
+                       goto out;
        }
 
        ret = fprintf(fp, "%s", buf);
 
+out:
        if (buf != _buf)
                xfree(buf);