Pull request #4905: control: Fix potential buffer overrun by properly checking return...

Merge in SNORT/snort3 from ~STECHEW/snort3:control_conn_respond_bug_fix to master

Squashed commit of the following:

commit 8c04e793d1502869dac4066323a68ec82ae54bae
Author: Steve Chew <stechew@cisco.com>
Date:   Sun Sep 14 19:05:18 2025 -0400

    control: Fix potential buffer overrun by properly checking return of vsnprintf.

diff --git a/src/control/control.cc b/src/control/control.cc
index 679972464c05dea7c72fe35a83b1189bc6085b71..ce6c38cb0655448bc98c818b224e4476bf671520 100644 (file)
--- a/src/control/control.cc
+++ b/src/control/control.cc
@@ -229,8 +229,12 @@ bool ControlConn::respond(const char* format, va_list& ap)
     char buf[STD_BUF];
     int response_len = vsnprintf(buf, sizeof(buf), format, ap);
 
-    if (response_len < 0 || response_len == sizeof(buf))
+    if (response_len < 0 || (size_t)response_len >= sizeof(buf))
+    {
+        LogMessage("ControlConn::respond: Unable to create response buffer. buf_size=%zu,"
+            " response_len=%d, format=%s\n", sizeof(buf), response_len, format);
         return false;
+    }
 
     buf[response_len] = '\0';