From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 18 Aug 2020 11:18:52 +0000 (+0200)
Subject: imv-scanner: Fix potential buffer overflow
X-Git-Tag: 5.9.1dr1~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bdd058e36c994101001b3d0fa17f91ad4d299d43;p=thirdparty%2Fstrongswan.git

imv-scanner: Fix potential buffer overflow

While `pos` was moved to the end, `len` was not adjusted (i.e. set to 0)
so later calls could write beyond the buffer.  However, the last port
written might have been incomplete, so instead we just reset the string.
---

diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
index 8dce4986f6..247a76c3f4 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
@@ -429,7 +429,6 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
 					written = snprintf(pos, len, " %u", port);
 					if (written < 0 || written >= len)
 					{
-						pos += len - 1;
 						*pos = '\0';
 					}
 					else