lib: replace: snprintf - Fix length calculation for hex/octal 64-bit values.

Prevents truncation due to buffer size being too small.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11947

Signed-off-by: Lorinczy Zsigmond <lzsiga@freemail.c3.hu>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun  3 03:48:58 CEST 2016 on sn-devel-144

diff --git a/lib/replace/snprintf.c b/lib/replace/snprintf.c
index 86ba74cf4f8dc9101ba9d41005f12d9abc4c4642..63eb0362404c4764eb83c52c34c17252b122cb0a 100644 (file)
--- a/lib/replace/snprintf.c
+++ b/lib/replace/snprintf.c
@@ -804,7 +804,7 @@ static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
 {
        int signvalue = 0;
        unsigned LLONG uvalue;
-       char convert[20];
+       char convert[22+1]; /* 64-bit value in octal: 22 digits + \0 */
        int place = 0;
        int spadlen = 0; /* amount to space pad */
        int zpadlen = 0; /* amount to zero pad */
@@ -834,8 +834,8 @@ static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
                        (caps? "0123456789ABCDEF":"0123456789abcdef")
                        [uvalue % (unsigned)base  ];
                uvalue = (uvalue / (unsigned)base );
-       } while(uvalue && (place < 20));
-       if (place == 20) place--;
+       } while(uvalue && (place < sizeof(convert)));
+       if (place == sizeof(convert)) place--;
        convert[place] = 0;
 
        zpadlen = max - place;