possible buffer overflow vulnerability for va_list in C?

I have the following code:

int ircsocket_print(char *message, ...)
{
    char buffer[512];
    int iError;
    va_list va;
    va_start(va, message);
    vsprintf(buffer, message, va);
    va_end(va);
    send(ircsocket_connection, buffer, strlen(buffer), 0);
    return 1;
}

And I wanted to know if this code is vulnerable to buffer overflows by providing char arrays with a size > 512 to the variables list? And if so, how can I fix this?

Thank you.

Andreas Grapentin asked Nov 27 '22 22:11


1 Answer

Yes, it is vulnerable.

You can implement your function this way:

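#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h> /* send() on POSIX; use <winsock2.h> on Windows */

/* ircsocket_connection is the connected socket from the question's code. */
int ircsocket_print(char *message, ...)
{
    char buf[512];
    char *buffer;
    int len;
    va_list va;

    buffer = buf;
    va_start(va, message);
    /* Writes at most sizeof(buf) bytes; returns the full length needed. */
    len = vsnprintf(buffer, sizeof(buf), message, va);
    va_end(va);

    if (len < 0)
        return 0; /* formatting error: nothing to send */

    if (len >= (int)sizeof(buf))
    {
        /* Output was truncated: allocate the exact size and format again. */
        buffer = (char*)malloc(len + 1);
        if (buffer == NULL)
            return 0; /* out of memory */
        va_start(va, message);
        len = vsnprintf(buffer, len + 1, message, va);
        va_end(va);
        if (len < 0)
        {
            free(buffer);
            return 0;
        }
    }

    send(ircsocket_connection, buffer, len, 0);

    if (buffer != buf)
        free(buffer);
    return 1;
}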
Andrey Kamaev answered Dec 16 '22 22:12
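
Added example, not part of the answer above: the same measure-then-allocate pattern, generalized to a formatter that receives a `va_list` instead of `...`, where `va_start` cannot be called a second time and `va_copy` is needed. `format_bounded` and `demo_print_len` are hypothetical names, and the `send()` call is left as a comment so the block runs without a socket.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: format into `stack` if the text fits, else into a heap
   block of exactly the needed size. Returns the buffer holding the text (the
   caller frees it when it is not `stack`) or NULL on error. */
static char *format_bounded(char *stack, size_t cap, int *len,
                            const char *fmt, va_list ap)
{
    va_list retry;
    char *heap;

    va_copy(retry, ap);               /* the first vsnprintf consumes ap */
    *len = vsnprintf(stack, cap, fmt, ap);
    if (*len < 0 || (size_t)*len < cap) {
        va_end(retry);
        return *len < 0 ? NULL : stack;
    }
    heap = malloc((size_t)*len + 1);  /* truncated: *len is the full length */
    if (heap != NULL && vsnprintf(heap, (size_t)*len + 1, fmt, retry) != *len) {
        free(heap);
        heap = NULL;
    }
    va_end(retry);
    return heap;
}

/* Constructed stand-in for ircsocket_print: returns the byte count that
   would be passed to send(), or -1 on failure. */
int demo_print_len(const char *fmt, ...)
{
    char buf[512];                    /* same size as in the question */
    char *text;
    int len;
    va_list va;
    va_start(va, fmt);
    text = format_bounded(buf, sizeof buf, &len, fmt, va);
    va_end(va);
    if (text == NULL)
        return -1;
    if (strlen(text) != (size_t)len)  /* whole message must be present */
        len = -1;
    /* send(ircsocket_connection, text, len, 0) would go here */
    if (text != buf)
        free(text);
    return len;
}
```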