From: Steve Chew (stechew) <stechew@cisco.com>
Date: Mon, 15 Sep 2025 21:05:29 +0000 (+0000)
Subject: Pull request #4905: control: Fix potential buffer overrun by properly checking return... 
X-Git-Tag: 3.9.6.0~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cb89bab95e6d0e0524a5be73491e58305d7e5454;p=thirdparty%2Fsnort3.git

Pull request #4905: control: Fix potential buffer overrun by properly checking return of vsnprintf.

Merge in SNORT/snort3 from ~STECHEW/snort3:control_conn_respond_bug_fix to master

Squashed commit of the following:

commit 8c04e793d1502869dac4066323a68ec82ae54bae
Author: Steve Chew <stechew@cisco.com>
Date:   Sun Sep 14 19:05:18 2025 -0400

    control: Fix potential buffer overrun by properly checking return of vsnprintf.
---

diff --git a/src/control/control.cc b/src/control/control.cc
index 679972464..ce6c38cb0 100644
--- a/src/control/control.cc
+++ b/src/control/control.cc
@@ -229,8 +229,12 @@ bool ControlConn::respond(const char* format, va_list& ap)
     char buf[STD_BUF];
     int response_len = vsnprintf(buf, sizeof(buf), format, ap);
 
-    if (response_len < 0 || response_len == sizeof(buf))
+    if (response_len < 0 || (size_t)response_len >= sizeof(buf))
+    {
+        LogMessage("ControlConn::respond: Unable to create response buffer. buf_size=%zu,"
+            " response_len=%d, format=%s\n", sizeof(buf), response_len, format);
         return false;
+    }
 
     buf[response_len] = '\0';