Fix commit e473b7c if an inline file happens to have a line break exactly at buffer limit

The check does only for strlen(line) space and buf_printf will only use at most space -1 and not print the final character ('\n') in this corner. Since a missing \n only breaks certificates at the start and end marker, missing line breaks otherwise do not trigger this error. Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1438011191-19389-1-git-send-email-arne@rfc2549.org> URL: http://article.gmane.org/gmane.network.openvpn.devel/9956 Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-05-28 04:03:29 -04:00 · 2015-07-27 17:33:11 +02:00 · 2015-07-27 17:33:11 +02:00 · d40cbf0e26
commit d40cbf0e26
parent 2dd6501e3d
2 changed files with 5 additions and 2 deletions
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@ -329,7 +329,10 @@ has_digit (const unsigned char* src)
 }

 /*
- * printf append to a buffer with overflow check
+ * printf append to a buffer with overflow check,
+ * due to usage of vsnprintf, it will leave space for
+ * a final null character and thus use only
+ * capacity - 1
 */
 bool buf_printf (struct buffer *buf, const char *format, ...)
 #ifdef __GNUC__
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@ -3712,7 +3712,7 @@ read_inline_file (struct in_src *is, const char *close_tag, struct gc_arena *gc)
 	  endtagfound = true;
 	  break;
 	}
-      if (!buf_safe (&buf, strlen(line)))
+      if (!buf_safe (&buf, strlen(line)+1))
 	{
 	  /* Increase buffer size */
 	  struct buffer buf2 = alloc_buf (buf.capacity * 2);