From 623812887a8259621ff2e6163826255d02f8ca49 Mon Sep 17 00:00:00 2001 From: Mingjie Shen Date: Tue, 12 Mar 2024 16:23:41 -0400 Subject: [PATCH] ssl_mail_client: Check return value of mbedtls_snprintf The return value of snprintf() is the number of characters (excluding the null terminator) which would have been written to the buffer if enough space had been available. Thus, a return value of size or more means the output was truncated. Signed-off-by: Mingjie Shen --- programs/ssl/ssl_mail_client.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index ccd9dc9345..01d69d7b91 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -728,6 +728,10 @@ usage: fflush(stdout); len = mbedtls_snprintf((char *) buf, sizeof(buf), "MAIL FROM:<%s>\r\n", opt.mail_from); + if (len < 0 || (size_t)len >= sizeof(buf)) { + mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n"); + goto exit; + } ret = write_ssl_and_get_response(&ssl, buf, len); if (ret < 200 || ret > 299) { mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); @@ -740,6 +744,10 @@ usage: fflush(stdout); len = mbedtls_snprintf((char *) buf, sizeof(buf), "RCPT TO:<%s>\r\n", opt.mail_to); + if (len < 0 || (size_t)len >= sizeof(buf)) { + mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n"); + goto exit; + } ret = write_ssl_and_get_response(&ssl, buf, len); if (ret < 200 || ret > 299) { mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); @@ -769,6 +777,10 @@ usage: "Mbed TLS mail client example.\r\n" "\r\n" "Enjoy!", opt.mail_from); + if (len < 0 || (size_t)len >= sizeof(buf)) { + mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n"); + goto exit; + } ret = write_ssl_data(&ssl, buf, len); len = sprintf((char *) buf, "\r\n.\r\n");