From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 24 Jul 2013 08:45:32 +0000 (+0200)
Subject: imv-scanner: Properly check snprintf() return value
X-Git-Tag: 5.1.0~31
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=346a4a1fc2a76f69592b2a111d25320fb07adaa7;p=thirdparty%2Fstrongswan.git

imv-scanner: Properly check snprintf() return value
---

diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
index 1d69d4de09..d1e0931376 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
@@ -332,7 +332,8 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
 		u_int16_t port;
 		bool closed_port_policy, blocked, first;
 		char result_str[BUF_LEN], *pos, *protocol_str;
-		size_t len, written;
+		size_t len;
+		int written;
 		linked_list_t *port_list;
 		enumerator_t *e1, *e2;
 
@@ -410,12 +411,15 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
 					{
 						written = snprintf(pos, len, "violating %s ports:",
 													  protocol_str);
-						pos += written;
-						len -= written;
+						if (written > 0 && written < len)
+						{
+							pos += written;
+							len -= written;
+						}
 						first = FALSE;
 					}
 					written = snprintf(pos, len, " %u", port);
-					if (written > len || written < 0)
+					if (written < 0 || written >= len)
 					{
 						pos += len - 1;
 						*pos = '\0';
@@ -503,7 +507,7 @@ imv_agent_if_t *imv_scanner_agent_create(const char *name, TNC_IMVID id,
 	{
 		return NULL;
 	}
-	
+
 	INIT(this,
 		.public = {
 			.bind_functions = _bind_functions,