CDRIVER-4820 check return values of bson_snprintf (#1642)

CDRIVER-4820 check return values of `bson_snprintf`

Author: laurelxiang

src/libbson/src/bson/bson-decimal128.c

@@ -269,7 +269,9 @@ bson_decimal128_to_string (const bson_decimal128_t *dec, /* IN  */
       }
       /* Exponent */
       *(str_out++) = 'E';
-      bson_snprintf (str_out, 6, "%+d", scientific_exponent);
+      // Truncation is OK.
+      int req = bson_snprintf (str_out, 6, "%+d", scientific_exponent);
+      BSON_ASSERT (req > 0);
    } else {
       /* Regular format with no decimal place */
       if (exponent >= 0) {

src/libbson/src/bson/bson-keys.c

@@ -19,6 +19,7 @@
 
 #include <bson/bson-keys.h>
 #include <bson/bson-string.h>
+#include <bson/bson-cmp.h>
 
 
 static const char *gUint32Strs[] = {
@@ -141,5 +142,9 @@ bson_uint32_to_string (uint32_t value,      /* IN */
 
    *strptr = str;
 
-   return bson_snprintf (str, size, "%u", value);
+   int ret = bson_snprintf (str, size, "%u", value);
+   // Truncation is OK.
+   BSON_ASSERT (ret > 0);
+   BSON_ASSERT (bson_in_range_size_t_signed (ret));
+   return (size_t) ret;
 }

src/libmongoc/src/mongoc/mongoc-client.c

@@ -618,7 +618,9 @@ mongoc_client_connect_tcp (int32_t connecttimeoutms, const mongoc_host_list_t *h
    BSON_ASSERT (connecttimeoutms);
    BSON_ASSERT (host);
 
-   bson_snprintf (portstr, sizeof portstr, "%hu", host->port);
+   // Expect no truncation.
+   int req = bson_snprintf (portstr, sizeof portstr, "%hu", host->port);
+   BSON_ASSERT (bson_cmp_less_su (req, sizeof portstr));
 
    memset (&hints, 0, sizeof hints);
    hints.ai_family = host->family;
@@ -712,7 +714,13 @@ mongoc_client_connect_unix (const mongoc_host_list_t *host, bson_error_t *error)
 
    memset (&saddr, 0, sizeof saddr);
    saddr.sun_family = AF_UNIX;
-   bson_snprintf (saddr.sun_path, sizeof saddr.sun_path - 1, "%s", host->host);
+   // Expect no truncation.
+   int req = bson_snprintf (saddr.sun_path, sizeof saddr.sun_path - 1, "%s", host->host);
+
+   if (bson_cmp_greater_equal_su (req, sizeof saddr.sun_path - 1)) {
+      bson_set_error (error, MONGOC_ERROR_STREAM, MONGOC_ERROR_STREAM_SOCKET, "Failed to define socket address path.");
+      RETURN (NULL);
+   }
 
    sock = mongoc_socket_new (AF_UNIX, SOCK_STREAM, 0);
 

src/libmongoc/src/mongoc/mongoc-cluster-aws.c

@@ -354,7 +354,9 @@ generate_AWS_ROLE_SESSION_NAME (bson_error_t *error)
 
    size_t i;
    for (i = 0; i < NUM_BYTES; i++) {
-      bson_snprintf (out + (2 * i), 3, "%02x", data[i]);
+      // Expect no truncation.
+      int req = bson_snprintf (out + (2 * i), 3, "%02x", data[i]);
+      BSON_ASSERT (req < 3);
    }
    out[NUM_BYTES * 2] = '\0';
 

src/libmongoc/src/mongoc/mongoc-counters.c

@@ -136,7 +136,9 @@ _mongoc_counters_cleanup (void)
       int pid;
 
       pid = getpid ();
-      bson_snprintf (name, sizeof name, "/mongoc-%u", pid);
+      // Truncation is OK.
+      int req = bson_snprintf (name, sizeof name, "/mongoc-%u", pid);
+      BSON_ASSERT (req > 0);
       shm_unlink (name);
 #endif
    }
@@ -168,7 +170,9 @@ mongoc_counters_alloc (size_t size)
    }
 
    pid = getpid ();
-   bson_snprintf (name, sizeof name, "/mongoc-%u", pid);
+   // Truncation is OK.
+   int req = bson_snprintf (name, sizeof name, "/mongoc-%u", pid);
+   BSON_ASSERT (req > 0);
 
 #ifndef O_NOFOLLOW
 #define O_NOFOLLOW 0

src/libmongoc/src/mongoc/mongoc-crypt.c

@@ -166,7 +166,9 @@ _prefix_mongocryptd_error (bson_error_t *error)
 {
    char buf[sizeof (error->message)];
 
-   bson_snprintf (buf, sizeof (buf), "mongocryptd error: %s:", error->message);
+   // Truncation is OK.
+   int req = bson_snprintf (buf, sizeof (buf), "mongocryptd error: %s:", error->message);
+   BSON_ASSERT (req > 0);
    memcpy (error->message, buf, sizeof (buf));
 }
 
@@ -175,7 +177,9 @@ _prefix_keyvault_error (bson_error_t *error)
 {
    char buf[sizeof (error->message)];
 
-   bson_snprintf (buf, sizeof (buf), "key vault error: %s:", error->message);
+   // Truncation is OK.
+   int req = bson_snprintf (buf, sizeof (buf), "key vault error: %s:", error->message);
+   BSON_ASSERT (req > 0);
    memcpy (error->message, buf, sizeof (buf));
 }
 

src/libmongoc/src/mongoc/mongoc-gridfs-bucket.c

@@ -102,14 +102,18 @@ mongoc_gridfs_bucket_new (mongoc_database_t *db,
                       "bucketName \"%s\" must have fewer than %d characters",
                       gridfs_opts.bucketName,
                       (int) (sizeof (buf) - (strlen (".chunks") + 1)));
+      return NULL;
    }
 
    bucket = (mongoc_gridfs_bucket_t *) bson_malloc0 (sizeof *bucket);
 
-   bson_snprintf (buf, sizeof (buf), "%s.chunks", gridfs_opts.bucketName);
+   // Expect no truncation from above, checking no error occurred.
+   int req = bson_snprintf (buf, sizeof (buf), "%s.chunks", gridfs_opts.bucketName);
+   BSON_ASSERT (req > 0);
    bucket->chunks = mongoc_database_get_collection (db, buf);
 
-   bson_snprintf (buf, sizeof (buf), "%s.files", gridfs_opts.bucketName);
+   req = bson_snprintf (buf, sizeof (buf), "%s.files", gridfs_opts.bucketName);
+   BSON_ASSERT (req > 0);
    bucket->files = mongoc_database_get_collection (db, buf);
 
    if (gridfs_opts.writeConcern) {

src/libmongoc/src/mongoc/mongoc-gridfs.c

@@ -116,10 +116,13 @@ _mongoc_gridfs_new (mongoc_client_t *client, const char *db, const char *prefix,
 
    gridfs->client = client;
 
-   bson_snprintf (buf, sizeof (buf), "%s.chunks", prefix);
+   // Expect no truncation from above, checking no error occurred.
+   int req = bson_snprintf (buf, sizeof (buf), "%s.chunks", prefix);
+   BSON_ASSERT (req > 0);
    gridfs->chunks = mongoc_client_get_collection (client, db, buf);
 
-   bson_snprintf (buf, sizeof (buf), "%s.files", prefix);
+   req = bson_snprintf (buf, sizeof (buf), "%s.files", prefix);
+   BSON_ASSERT (req > 0);
    gridfs->files = mongoc_client_get_collection (client, db, buf);
 
    r = _mongoc_gridfs_ensure_index (gridfs, error);

src/libmongoc/src/mongoc/mongoc-handshake.c

@@ -301,8 +301,10 @@ _get_os_version (void)
 #endif
 
    if (res) {
-      bson_snprintf (
+      // Truncation is OK.
+      int req = bson_snprintf (
          ret, HANDSHAKE_OS_VERSION_MAX, "%lu.%lu (%lu)", osvi.dwMajorVersion, osvi.dwMinorVersion, osvi.dwBuildNumber);
+      BSON_ASSERT (req > 0);
       found = true;
    } else {
       MONGOC_WARNING ("Error with GetVersionEx(): %lu", GetLastError ());

src/libmongoc/src/mongoc/mongoc-host-list-private.h

@@ -24,9 +24,6 @@
 
 BSON_BEGIN_DECLS
 
-mongoc_host_list_t *
-_mongoc_host_list_push (const char *host, uint16_t port, int family, mongoc_host_list_t *next);
-
 void
 _mongoc_host_list_upsert (mongoc_host_list_t **list, const mongoc_host_list_t *new_host);
 

src/libmongoc/src/mongoc/mongoc-host-list.c

@@ -21,36 +21,6 @@
 #include "mongoc-util-private.h"
 #include "utlist.h"
 
-/*
- *--------------------------------------------------------------------------
- *
- * _mongoc_host_list_push --
- *
- *       Add a host to the front of the list and return it.
- *
- * Side effects:
- *       None.
- *
- *--------------------------------------------------------------------------
- */
-mongoc_host_list_t *
-_mongoc_host_list_push (const char *host, uint16_t port, int family, mongoc_host_list_t *next)
-{
-   mongoc_host_list_t *h;
-
-   BSON_ASSERT (host);
-
-   h = bson_malloc0 (sizeof (mongoc_host_list_t));
-   bson_strncpy (h->host, host, sizeof h->host);
-   h->port = port;
-   bson_snprintf (h->host_and_port, sizeof h->host_and_port, "%s:%hu", host, port);
-
-   h->family = family;
-   h->next = next;
-
-   return h;
-}
-
 static mongoc_host_list_t *
 _mongoc_host_list_find_host_and_port (mongoc_host_list_t *hosts, const char *host_and_port)
 {

src/libmongoc/src/mongoc/mongoc-read-prefs.c

@@ -85,7 +85,9 @@ mongoc_read_prefs_add_tag (mongoc_read_prefs_t *read_prefs, const bson_t *tag)
    BSON_ASSERT (read_prefs);
 
    key = bson_count_keys (&read_prefs->tags);
-   bson_snprintf (str, sizeof str, "%d", key);
+   // Expect no truncation.
+   int req = bson_snprintf (str, sizeof str, "%d", key);
+   BSON_ASSERT (bson_cmp_less_su (req, sizeof str));
 
    if (tag) {
       bson_append_document (&read_prefs->tags, str, -1, tag);

src/libmongoc/src/mongoc/mongoc-sasl.c

@@ -165,7 +165,9 @@ _mongoc_sasl_get_canonicalized_name (mongoc_stream_t *node_stream, /* IN */
       if (sock) {
          canonicalized = mongoc_socket_getnameinfo (sock);
          if (canonicalized) {
-            bson_snprintf (name, namelen, "%s", canonicalized);
+            // Truncation is OK.
+            int req = bson_snprintf (name, namelen, "%s", canonicalized);
+            BSON_ASSERT (req > 0);
             bson_free (canonicalized);
             RETURN (true);
          }

src/libmongoc/src/mongoc/mongoc-socket.c

@@ -1516,20 +1516,27 @@ mongoc_socket_inet_ntop (struct addrinfo *rp, /* IN */
 {
    void *ptr;
    char tmp[256];
+   int req;
 
    switch (rp->ai_family) {
    case AF_INET:
       ptr = &((struct sockaddr_in *) rp->ai_addr)->sin_addr;
       inet_ntop (rp->ai_family, ptr, tmp, sizeof (tmp));
-      bson_snprintf (buf, buflen, "ipv4 %s", tmp);
+      // Truncation is OK.
+      req = bson_snprintf (buf, buflen, "ipv4 %s", tmp);
+      BSON_ASSERT (req > 0);
       break;
    case AF_INET6:
       ptr = &((struct sockaddr_in6 *) rp->ai_addr)->sin6_addr;
       inet_ntop (rp->ai_family, ptr, tmp, sizeof (tmp));
-      bson_snprintf (buf, buflen, "ipv6 %s", tmp);
+      // Truncation is OK.
+      req = bson_snprintf (buf, buflen, "ipv6 %s", tmp);
+      BSON_ASSERT (req > 0);
       break;
    default:
-      bson_snprintf (buf, buflen, "unknown ip %d", rp->ai_family);
+      // Truncation is OK.
+      req = bson_snprintf (buf, buflen, "unknown ip %d", rp->ai_family);
+      BSON_ASSERT (req > 0);
       break;
    }
 }

src/libmongoc/src/mongoc/mongoc-topology-scanner.c

@@ -850,7 +850,9 @@ mongoc_topology_scanner_node_setup_tcp (mongoc_topology_scanner_node_t *node, bs
    }
 
    if (!node->dns_results) {
-      bson_snprintf (portstr, sizeof portstr, "%hu", host->port);
+      // Expect no truncation.
+      int req = bson_snprintf (portstr, sizeof portstr, "%hu", host->port);
+      BSON_ASSERT (bson_cmp_less_su (req, sizeof portstr));
 
       memset (&hints, 0, sizeof hints);
       hints.ai_family = host->family;
@@ -910,7 +912,13 @@ mongoc_topology_scanner_node_connect_unix (mongoc_topology_scanner_node_t *node,
 
    memset (&saddr, 0, sizeof saddr);
    saddr.sun_family = AF_UNIX;
-   bson_snprintf (saddr.sun_path, sizeof saddr.sun_path - 1, "%s", host->host);
+   // Expect no truncation.
+   int req = bson_snprintf (saddr.sun_path, sizeof saddr.sun_path - 1, "%s", host->host);
+
+   if (bson_cmp_greater_equal_su (req, sizeof saddr.sun_path - 1)) {
+      bson_set_error (error, MONGOC_ERROR_STREAM, MONGOC_ERROR_STREAM_SOCKET, "Failed to define socket address path.");
+      RETURN (false);
+   }
 
    sock = mongoc_socket_new (AF_UNIX, SOCK_STREAM, 0);
 

src/libmongoc/src/mongoc/mongoc-util.c

@@ -74,7 +74,9 @@ _mongoc_hex_md5 (const char *input)
    mcommon_md5_finish (&md5, digest);
 
    for (i = 0; i < sizeof digest; i++) {
-      bson_snprintf (&digest_str[i * 2], 3, "%02x", digest[i]);
+      // Expect no truncation.
+      int req = bson_snprintf (&digest_str[i * 2], 3, "%02x", digest[i]);
+      BSON_ASSERT (req < 3);
    }
    digest_str[sizeof digest_str - 1] = '\0';
 
@@ -1008,7 +1010,9 @@ bin_to_hex (const uint8_t *bin, uint32_t len)
    char *out = bson_malloc0 (2u * len + 1u);
 
    for (uint32_t i = 0u; i < len; i++) {
-      bson_snprintf (out + (2u * i), 3, "%02x", bin[i]);
+      // Expect no truncation.
+      int req = bson_snprintf (out + (2u * i), 3, "%02x", bin[i]);
+      BSON_ASSERT (req < 3);
    }
 
    return out;

src/libmongoc/tests/test-mongoc-dns.c

@@ -74,6 +74,36 @@ typedef struct {
 } context_t;
 
 
+/*
+ *--------------------------------------------------------------------------
+ *
+ * _mongoc_host_list_push --
+ *
+ *       Add a host to the front of the list and return it.
+ *
+ * Side effects:
+ *       None.
+ *
+ *--------------------------------------------------------------------------
+ */
+static mongoc_host_list_t *
+_mongoc_host_list_push (const char *host, uint16_t port, int family, mongoc_host_list_t *next)
+{
+   mongoc_host_list_t *h;
+
+   BSON_ASSERT (host);
+
+   h = bson_malloc0 (sizeof (mongoc_host_list_t));
+   bson_strncpy (h->host, host, sizeof h->host);
+   h->port = port;
+   bson_snprintf (h->host_and_port, sizeof h->host_and_port, "%s:%hu", host, port);
+
+   h->family = family;
+   h->next = next;
+
+   return h;
+}
+
 static void
 topology_changed (const mongoc_apm_topology_changed_t *event)
 {

src/libmongoc/tests/test-mongoc-gridfs-bucket.c

@@ -1035,8 +1035,8 @@ test_gridfs_bucket_opts (void)
    bson_destroy (opts);
    mongoc_gridfs_bucket_destroy (gridfs);
 
-   /* one character shorter should be okay though. */
-   *(bucket_name + ((int) (128 - strlen ("chunks") - 1))) = '\0';
+   /* two characters shorter should be okay though. */
+   *(bucket_name + ((int) (128 - strlen ("chunks") - 2))) = '\0';
    opts = BCON_NEW ("bucketName", bucket_name);
    gridfs = mongoc_gridfs_bucket_new (db, opts, NULL, &error);
    ASSERT_OR_PRINT (gridfs, error);