From: Willy Tarreau <w@1wt.eu>
Date: Tue, 29 Oct 2019 09:25:49 +0000 (+0100)
Subject: BUG/MINOR: spoe: fix off-by-one length in UUID format string
X-Git-Tag: v2.1-dev4~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4fd6d671b239942c93a2f48850b32b9be150b1ba;p=thirdparty%2Fhaproxy.git

BUG/MINOR: spoe: fix off-by-one length in UUID format string

The per-thread UUID string produced by generate_pseudo_uuid() could be
off by one character due to too small of size limit in snprintf(). In
practice the UUID remains large enough to avoid any collision though.

This should be backported to 2.0 and 1.9.
---

diff --git a/src/flt_spoe.c b/src/flt_spoe.c
index fe219ea306..f23cafed73 100644
--- a/src/flt_spoe.c
+++ b/src/flt_spoe.c
@@ -276,7 +276,7 @@ generate_pseudo_uuid()
 		last >>= 32u;
 		bits  -= 32;
 	}
-	snprintf(uuid, 36, "%8.8x-%4.4x-%4.4x-%4.4x-%12.12llx",
+	snprintf(uuid, 37, "%8.8x-%4.4x-%4.4x-%4.4x-%12.12llx",
 			     rnd[0],
 			     rnd[1] & 0xFFFF,
 			     ((rnd[1] >> 16u) & 0xFFF) | 0x4000,  // highest 4 bits indicate the uuid version