Merge remote-tracking branch 'tor-github/pr/1052' into maint-0.2.9

2 files changed, 19 insertions, 4 deletions

diff --git a/changes/bug30561 b/changes/bug30561
new file mode 100644
index 0000000000..afb3f02c62
--- /dev/null
+++ b/changes/bug30561
@@ -0,0 +1,6 @@
+  o Minor bugfixes (portability):
+    - Avoid crashing in our tor_vasprintf() implementation on systems that
+      define neither vasprintf() nor _vscprintf(). (This bug has been here
+      long enough that we question whether people are running Tor on such
+      systems, but we're applying the fix out of caution.) Fixes bug 30561;
+      bugfix on 0.2.8.2-alpha. Found and fixed by Tobias Stoeckmann.
diff --git a/src/common/compat.c b/src/common/compat.c
index 9758751122..ee3bf0fd50 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -554,14 +554,24 @@ tor_vasprintf(char **strp, const char *fmt, va_list args)
    * characters we need.  We give it a try on a short buffer first, since
    * it might be nice to avoid the second vsnprintf call.
    */
+  /* XXXX This code spent a number of years broken (see bug 30651). It is
+   * possible that no Tor users actually run on systems without vasprintf() or
+   * _vscprintf(). If so, we should consider removing this code. */
   char buf[128];
   int len, r;
   va_list tmp_args;
   va_copy(tmp_args, args);
-  /* vsnprintf() was properly checked but tor_vsnprintf() available so
-   * why not use it? */
-  len = tor_vsnprintf(buf, sizeof(buf), fmt, tmp_args);
+  /* Use vsnprintf to retrieve needed length.  tor_vsnprintf() is not an
+   * option here because it will simply return -1 if buf is not large enough
+   * to hold the complete string.
+   */
+  len = vsnprintf(buf, sizeof(buf), fmt, tmp_args);
   va_end(tmp_args);
+  buf[sizeof(buf) - 1] = '\0';
+  if (len < 0) {
+    *strp = NULL;
+    return -1;
+  }
   if (len < (int)sizeof(buf)) {
     *strp = tor_strdup(buf);
     return len;
@@ -3543,4 +3553,3 @@ tor_get_avail_disk_space(const char *path)
   return -1;
 #endif
 }
-