From b03346f1e3ef445e58823eda2e29eff17f1a47d9 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Tue, 13 May 2014 09:08:15 +0200 Subject: internal: fix SNPRINTF_BUFFER_SIZE macro We need to store in 'offset' the complete amount of characters as returned from _snprintf. The value means how many characters long needs the buffer to be in order to store the corresponding string expansion. Before this patch, in cases where the buffer is smaller than the expansion, then ret > len, and therefore ret = len. So when incrementing offset, we do it with a wrong value. All previous versions of libnftnl are unable to handle this situations: small buffers (or long string expansion). BTW, if a caller must reallocate a buffer to the returned value of snprintf, it should be ret + 1. While at it, let's add a check to know if the last snprintf call failed. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso
---
src/internal.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'src/internal.h')
diff --git a/src/internal.h b/src/internal.h
index 6595e70..b06f166 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -183,10 +183,12 @@ struct nft_set_elem {
 };
 
 #define SNPRINTF_BUFFER_SIZE(ret, size, len, offset) \
- size += ret; \
+ if (ret < 0) \
+ return ret; \
+ offset += ret; \
 if (ret > len) \
 ret = len; \
- offset += ret; \
+ size += ret; \
 len -= ret;
 
 #define div_round_up(n, d) (((n) + (d) - 1) / (d))
-- cgit v1.2.3
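Review bot: The new `if (ret < 0) return ret;` at the top of SNPRINTF_BUFFER_SIZE makes the macro return from whichever function expands it, and the body is still a bare statement sequence, so under an unbraced `if` or `else` only that first check would be conditional. Wrapping the expansion as `do { ... } while (0)` and parenthesizing `ret`, `size`, `len` and `offset` would remove that hazard for callers that already end the invocation with a semicolon. A comment above the macro should state the two contracts this patch introduces: `/* returns from the enclosing function if ret < 0; offset accumulates the untruncated length and may exceed the buffer size */`. Callers are not visible here, but any that use `offset` to index or terminate the buffer afterwards would need a bound check, since it is no longer clamped to `len`.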