From: Hallvard Furuseth <hallvard@openldap.org>
Date: Fri, 24 Oct 2008 13:11:10 +0000 (+0000)
Subject: ITS#4467: Fix ptr += snprintf buffer overflow tests (made out-of-range ptr).
X-Git-Tag: ACLCHECK_0~1196
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=86906501215e8f06f90c1af7f2731fa62c749d06;p=openldap

ITS#4467: Fix ptr += snprintf buffer overflow tests (made out-of-range ptr).
Also avoid a buf[BUFSIZ] initialization.
---

diff --git a/libraries/libldap/search.c b/libraries/libldap/search.c
index d92a8bcd1a..b3a8ddb10e 100644
--- a/libraries/libldap/search.c
+++ b/libraries/libldap/search.c
@@ -301,27 +301,25 @@ ldap_build_search_req(
 
 #ifdef LDAP_DEBUG
 	if ( ldap_debug & LDAP_DEBUG_ARGS ) {
-		char	buf[ BUFSIZ ] = { ' ', '*', '\0' };
+		char	buf[ BUFSIZ ], *ptr = " *";
 
 		if ( attrs != NULL ) {
-			char	*ptr;
-			int	i;
-
-			for ( ptr = buf, i = 0;
-				attrs[ i ] != NULL && ptr < &buf[ sizeof( buf ) ];
-				i++ )
-			{
-				ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ),
-					" %s", attrs[ i ] );
+			int	i, len, rest = sizeof( buf );
+
+			for ( i = 0; attrs[ i ] != NULL && rest > 0; i++ ) {
+				ptr = &buf[ sizeof( buf ) - rest ];
+				len = snprintf( ptr, rest, " %s", attrs[ i ] );
+				rest -= (len >= 0 ? len : (int) sizeof( buf ));
 			}
 
-			if ( ptr >= &buf[ sizeof( buf ) ] ) {
+			if ( rest <= 0 ) {
 				AC_MEMCPY( &buf[ sizeof( buf ) - STRLENOF( "...(truncated)" ) - 1 ],
 					"...(truncated)", STRLENOF( "...(truncated)" ) + 1 );
 			} 
+			ptr = buf;
 		}
 
-		Debug( LDAP_DEBUG_ARGS, "ldap_build_search_req ATTRS:%s\n", buf, 0, 0 );
+		Debug( LDAP_DEBUG_ARGS, "ldap_build_search_req ATTRS:%s\n", ptr, 0,0 );
 	}
 #endif /* LDAP_DEBUG */