From 2de848f2c7c5bce0578f52770f736e9792192b53 Mon Sep 17 00:00:00 2001
From: "Nicholas J. Kain" <nicholas@kain.us>
Date: Wed, 19 Mar 2014 06:14:50 -0400
Subject: [PATCH] If the snprintf in ifcmd_raw() fails, then we can restore the
 buffer to its original state by zeroing out the data that was appended to the
 buffer by the failed snprintf.

This trick allows ifcmd_raw() to never fail in a way that would attach
corrupt commands to the output buffer.
---
 ndhc/ifchange.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/ndhc/ifchange.c b/ndhc/ifchange.c
index 347f1d5..38e3b49 100644
--- a/ndhc/ifchange.c
+++ b/ndhc/ifchange.c
@@ -59,8 +59,12 @@ static int ifcmd_raw(char *buf, size_t buflen, char *optname,
     int ioptlen = (int)optlen;
     ssize_t olen = snprintf(buf, buflen, "%s:%.*s;",
                             optname, ioptlen, optdata);
-    if (olen < 0 || (size_t)olen >= buflen)
-        return -2;
+    if (olen < 0 || (size_t)olen >= buflen) {
+        log_warning("%s: (%s) '%s' option would truncate, so it was dropped.",
+                    client_config.interface, __func__, optname);
+        memset(buf, 0, buflen);
+        return -1;
+    }
     return olen;
 }
 
@@ -306,13 +310,8 @@ static size_t send_cmd(char *out, size_t olen, struct dhcpmsg *packet,
     oldlen = get_dhcp_opt(&cfg_packet, code, olddata, sizeof olddata);
     if (oldlen == optlen && !memcmp(optdata, olddata, optlen))
         return 0;
-    int r = ifchd_cmd(buf, sizeof buf, optdata, optlen, code);
-    if (r == -1)
+    if (ifchd_cmd(buf, sizeof buf, optdata, optlen, code) < 0)
         return 0;
-    else if (r < -1) {
-        log_warning("Error happened generating ifch cmd string.");
-        return 0;
-    }
     strnkcat(out, buf, olen);
     return strlen(buf);
 }