From 30fc89e556e5c09bf62b9548862cc3d924b9ec81 Mon Sep 17 00:00:00 2001
From: Luca
Date: Wed, 11 Oct 2023 17:14:17 +0200
Subject: Fix for buffer overflow in serialization
---
src/lib/ndpi_serializer.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'src')
diff --git a/src/lib/ndpi_serializer.c b/src/lib/ndpi_serializer.c
index 9a27add4d..e8cdf5c88 100644
--- a/src/lib/ndpi_serializer.c
+++ b/src/lib/ndpi_serializer.c
@@ -1496,14 +1496,12 @@ int ndpi_serialize_string_int32(ndpi_serializer *_serializer,
 if(serializer->fmt == ndpi_serialization_format_csv) {
 /* Key is ignored */
 u_int32_t buff_diff = serializer->buffer.size - serializer->status.buffer.size_used;
- u_int16_t needed = 11 /* 10 (billion) + CVS separator */;
+ u_int16_t needed = 12 /* 10 (billion) + CVS separator + \0 */;
 int rc;
 if(buff_diff < needed) {
 if(ndpi_extend_serializer_buffer(&serializer->buffer, needed - buff_diff) < 0)
- return(-1);
- else
- buff_diff = serializer->buffer.size - serializer->status.buffer.size_used;
+ return(-1);
 }
 if(!(serializer->status.flags & NDPI_SERIALIZER_STATUS_HDR_DONE)) {
@@ -1512,14 +1510,16 @@ int ndpi_serialize_string_int32(ndpi_serializer *_serializer,
 }
 ndpi_serialize_csv_pre(serializer);
- /* needed--; */
+ buff_diff = serializer->buffer.size - serializer->status.buffer.size_used;
 rc = ndpi_snprintf((char*)&serializer->buffer.data[serializer->status.buffer.size_used],
- needed, "%u", value);
+ buff_diff, "%u", value);
 if(rc < 0 || (u_int)rc >= buff_diff) return(-1);
+ serializer->status.buffer.size_used += rc;
+ return(0);
 } else
 #endif
-- cgit v1.2.3
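Review bot: The new `needed = 12` budget only fits an unsigned rendering, and the write in the following hunk still formats with `"%u"` inside a function named `ndpi_serialize_string_int32`. If `value` is a signed 32-bit parameter (its declaration is outside the hunk), negative values are emitted as large unsigned numbers, and a `"%d"` rendering would need up to 11 characters plus the separator and the NUL. The reservation is also taken before the header block and `ndpi_serialize_csv_pre()` run, so whether 12 bytes are still free at the write depends on code not shown here. I would spell the budget out in the comment, for example `/* 10 digits + CSV separator + \0 */` (the current text says "CVS"). The enclosing function starts and ends outside the hunk.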
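Review bot: The truncation path `if(rc < 0 || (u_int)rc >= buff_diff) return(-1);` in the second hunk is reached only after `ndpi_serialize_csv_pre(serializer)` has run, so a failure there presumably leaves a separator in the buffer with no value behind it. A caller that keeps using the serializer after a -1 would then emit a malformed CSV row. Moving the `if(buff_diff < needed)` extension block from the first hunk to just below `ndpi_serialize_csv_pre(serializer);`, next to the recomputed `buff_diff`, would let the capacity check and the bounded `ndpi_snprintf` use the same remaining-space value. Because `buff_diff` is unsigned, the bound also relies on `size_used` never exceeding `buffer.size`; a one-line comment stating that invariant at the recompute would help the next reader. The function body continues outside the hunk.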