From: Arturo Borrero Date: Tue, 13 May 2014 09:17:49 +0000 (+0200) Subject: utils: fix buffer reallocation of nft_fprinft() X-Git-Tag: libnftnl-1.0.2~83 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=33126ce58e9ec95dfb9b95bc703ff60762e1eb24;p=thirdparty%2Flibnftnl.git utils: fix buffer reallocation of nft_fprinft() When _snprintf() reports it would print n characters, that n doesn't include the trailing \0 that snprintf adds. Thus, we need to [re]allocate n+1 characters. While at it, change the reallocation trigger. If the length of the buffer we used is equals to the expanded string length, the output has been truncated. In other words, if ret == bufsiz, then the trailing \0 is missing. Also, check if _snprintf() returned < 0, which means an error ocurred. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- diff --git a/src/utils.c b/src/utils.c index 18917f57..20a2fa33 100644 --- a/src/utils.c +++ b/src/utils.c @@ -195,17 +195,24 @@ int nft_fprintf(FILE *fp, void *obj, uint32_t type, uint32_t flags, int ret; ret = snprintf_cb(buf, bufsiz, obj, type, flags); - if (ret > NFT_SNPRINTF_BUFSIZ) { - buf = calloc(1, ret); + if (ret < 0) + goto out; + + if (ret >= NFT_SNPRINTF_BUFSIZ) { + bufsiz = ret + 1; + + buf = malloc(bufsiz); if (buf == NULL) return -1; - bufsiz = ret; ret = snprintf_cb(buf, bufsiz, obj, type, flags); + if (ret < 0) + goto out; } ret = fprintf(fp, "%s", buf); +out: if (buf != _buf) xfree(buf);
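Review bot: inside the `if (ret >= NFT_SNPRINTF_BUFSIZ)` block, the second snprintf_cb() call is only checked for `ret < 0`, so a result that is again `>= bufsiz` (for example, if the callback produces longer output on the retry than it reported the first time) goes on to fprintf() as a silently truncated string. Consider treating `ret >= bufsiz` after the retry as an error too and taking the `goto out` path. Two smaller points in the same hunk: the first check compares against the constant NFT_SNPRINTF_BUFSIZ while the call itself passes `bufsiz`, so comparing against `bufsiz` would keep the test tied to the size actually handed to the callback; and `bufsiz = ret + 1` assumes `ret` is below INT_MAX, which deserves a guard or at least a comment.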