From: Lorinczy Zsigmond <lzsiga@freemail.c3.hu>
Date: Thu, 2 Jun 2016 21:54:05 +0000 (-0700)
Subject: lib: replace: snprintf - Fix length calculation for hex/octal 64-bit values.
X-Git-Tag: samba-4.3.10~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a23461d2ece8cc46d3888f83a75847a7ea1736f0;p=thirdparty%2Fsamba.git

lib: replace: snprintf - Fix length calculation for hex/octal 64-bit values.

Prevents truncation due to buffer size being too small.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11947

Signed-off-by: Lorinczy Zsigmond <lzsiga@freemail.c3.hu>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun  3 03:48:58 CEST 2016 on sn-devel-144

(cherry picked from commit 8814b2556583e1f8965e8bf5a93438d46e8d43e6)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Thu Jun  9 16:30:22 CEST 2016 on sn-devel-104
---

diff --git a/lib/replace/snprintf.c b/lib/replace/snprintf.c
index 86ba74cf4f8..63eb0362404 100644
--- a/lib/replace/snprintf.c
+++ b/lib/replace/snprintf.c
@@ -804,7 +804,7 @@ static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
 {
 	int signvalue = 0;
 	unsigned LLONG uvalue;
-	char convert[20];
+	char convert[22+1]; /* 64-bit value in octal: 22 digits + \0 */
 	int place = 0;
 	int spadlen = 0; /* amount to space pad */
 	int zpadlen = 0; /* amount to zero pad */
@@ -834,8 +834,8 @@ static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
 			(caps? "0123456789ABCDEF":"0123456789abcdef")
 			[uvalue % (unsigned)base  ];
 		uvalue = (uvalue / (unsigned)base );
-	} while(uvalue && (place < 20));
-	if (place == 20) place--;
+	} while(uvalue && (place < sizeof(convert)));
+	if (place == sizeof(convert)) place--;
 	convert[place] = 0;
 
 	zpadlen = max - place;