proc/escape.c: Handle negative snprintf() return value.

May happen if strlen(src) > INT_MAX for example. This patch prevents
escaped_copy() from increasing maxroom and returning -1 (= number of
bytes consumed in dst).
This commit is contained in:
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent 7efa102248
commit 62f19dc5df

View File

@ -251,6 +251,10 @@ int escaped_copy(char *restrict dst, const char *restrict src, int bufsize, int
if (bufsize > *maxroom+1) bufsize = *maxroom+1; if (bufsize > *maxroom+1) bufsize = *maxroom+1;
n = snprintf(dst, bufsize, "%s", src); n = snprintf(dst, bufsize, "%s", src);
if (n < 0) {
*dst = '\0';
return 0;
}
if (n >= bufsize) n = bufsize-1; if (n >= bufsize) n = bufsize-1;
*maxroom -= n; *maxroom -= n;
return n; return n;