3 additional snprintf() range checks (inconceivable these would ever

truncate, but if they do, we prefer to know)
ok job claudio

diff --git a/usr.sbin/rpki-client/ip.c b/usr.sbin/rpki-client/ip.c
index c9c5c2a..2ec2ba0 100644 (file)
--- a/usr.sbin/rpki-client/ip.c
+++ b/usr.sbin/rpki-client/ip.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ip.c,v 1.14 2021/01/08 08:09:07 claudio Exp $ */
+/*     $OpenBSD: ip.c,v 1.15 2021/03/29 03:35:32 deraadt Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -236,9 +236,12 @@ static void
 ip4_addr2str(const struct ip_addr *addr, char *b, size_t bsz)
 {
        char buf[16];
+       int ret;
 
-       snprintf(b, bsz, "%s/%hhu", inet_ntop(AF_INET, addr->addr, buf,
+       ret = snprintf(b, bsz, "%s/%hhu", inet_ntop(AF_INET, addr->addr, buf,
            sizeof(buf)), addr->prefixlen);
+       if (ret < 0 || (size_t)ret >= bsz)
+               err(1, "malformed IPV4 address");
 }
 
 /*
@@ -249,10 +252,13 @@ ip4_addr2str(const struct ip_addr *addr, char *b, size_t bsz)
 static void
 ip6_addr2str(const struct ip_addr *addr, char *b, size_t bsz)
 {
-       char     buf[44];
+       char buf[44];
+       int ret;
 
-       snprintf(b, bsz, "%s/%hhu", inet_ntop(AF_INET6, addr->addr, buf,
+       ret = snprintf(b, bsz, "%s/%hhu", inet_ntop(AF_INET6, addr->addr, buf,
            sizeof(buf)), addr->prefixlen);
+       if (ret < 0 || (size_t)ret >= bsz)
+               err(1, "malformed IPV6 address");
 }
 
 /*

diff --git a/usr.sbin/rpki-client/output-bgpd.c b/usr.sbin/rpki-client/output-bgpd.c
index ebe955d..c1fe493 100644 (file)
--- a/usr.sbin/rpki-client/output-bgpd.c
+++ b/usr.sbin/rpki-client/output-bgpd.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: output-bgpd.c,v 1.18 2020/09/12 15:46:48 claudio Exp $ */
+/*     $OpenBSD: output-bgpd.c,v 1.19 2021/03/29 03:35:32 deraadt Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -33,10 +33,12 @@ output_bgpd(FILE *out, struct vrp_tree *vrps, struct stats *st)
 
        RB_FOREACH(v, vrp_tree, vrps) {
                ip_addr_print(&v->addr, v->afi, buf1, sizeof(buf1));
-               if (v->maxlength > v->addr.prefixlen)
-                       snprintf(buf2, sizeof(buf2), "maxlen %u ",
+               if (v->maxlength > v->addr.prefixlen) {
+                       int ret = snprintf(buf2, sizeof(buf2), "maxlen %u ",
                            v->maxlength);
-               else
+                       if (ret < 0 || (size_t)ret > sizeof(buf2))
+                               return -1;
+               } else
                        buf2[0] = '\0';
                if (fprintf(out, "\t%s %ssource-as %u\n", buf1, buf2, v->asid) < 0)
                        return -1;