From: Ondřej Surý <ondrej@sury.org>
Date: Wed, 24 Oct 2018 14:28:21 +0000 (+0200)
Subject: Use larger buffers on snprintf buffer overflow false positives
X-Git-Tag: v9.13.4~46^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4eaf9275719f0512993376828ecf6df310c0f340;p=thirdparty%2Fbind9.git

Use larger buffers on snprintf buffer overflow false positives
---

diff --git a/lib/dns/rdata/generic/loc_29.c b/lib/dns/rdata/generic/loc_29.c
index 50c00ff9f7a..7af1c187313 100644
--- a/lib/dns/rdata/generic/loc_29.c
+++ b/lib/dns/rdata/generic/loc_29.c
@@ -454,11 +454,12 @@ totext_loc(ARGS_TOTEXT) {
 	bool east;
 	bool below;
 	isc_region_t sr;
-	char buf[sizeof("89 59 59.999 N 179 59 59.999 E "
-			"-42849672.95m 90000000m 90000000m 90000000m")];
 	char sbuf[sizeof("90000000m")];
 	char hbuf[sizeof("90000000m")];
 	char vbuf[sizeof("90000000m")];
+	/* "89 59 59.999 N 179 59 59.999 E " */
+	/* "-42849672.95m 90000000m 90000000m 90000000m"; */
+	char buf[8*6 + 12*1 + 2*10 + sizeof(sbuf)+sizeof(hbuf)+sizeof(vbuf)];
 	unsigned char size, hp, vp;
 	unsigned long poweroften[8] = { 1, 10, 100, 1000,
 					10000, 100000, 1000000, 10000000 };
@@ -550,7 +551,7 @@ totext_loc(ARGS_TOTEXT) {
 		altitude -= 10000000;
 	}
 
-	snprintf(buf, sizeof(buf),
+	snprintf(NULL, 0,
 		 "%d %d %d.%03d %s %d %d %d.%03d %s %s%lu.%02lum %s %s %s",
 		 d1, m1, s1, fs1, north ? "N" : "S",
 		 d2, m2, s2, fs2, east ? "E" : "W",
diff --git a/lib/dns/rdata/in_1/dhcid_49.c b/lib/dns/rdata/in_1/dhcid_49.c
index 90971b7827d..9fce42d4737 100644
--- a/lib/dns/rdata/in_1/dhcid_49.c
+++ b/lib/dns/rdata/in_1/dhcid_49.c
@@ -35,8 +35,8 @@ fromtext_in_dhcid(ARGS_FROMTEXT) {
 static inline isc_result_t
 totext_in_dhcid(ARGS_TOTEXT) {
 	isc_region_t sr, sr2;
-	char buf[sizeof(" ; 64000 255 64000")];
-	size_t n;
+	/* " ; 64000 255 64000" */
+	char buf[5 + 3*5 + 1];
 
 	REQUIRE(rdata->type == dns_rdatatype_dhcid);
 	REQUIRE(rdata->rdclass == dns_rdataclass_in);
@@ -55,10 +55,9 @@ totext_in_dhcid(ARGS_TOTEXT) {
 	if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) {
 		RETERR(str_totext(/* ( */ " )", target));
 		if (rdata->length > 2) {
-			n = snprintf(buf, sizeof(buf), " ; %u %u %u",
-				     sr2.base[0] * 256U + sr2.base[1],
-				     sr2.base[2], rdata->length - 3U);
-			INSIST(n < sizeof(buf));
+			snprintf(NULL, 0, " ; %u %u %u",
+				 sr2.base[0] * 256U + sr2.base[1],
+				 sr2.base[2], rdata->length - 3U);
 			RETERR(str_totext(buf, target));
 		}
 	}