blkdev: Check return of snprintf and error on truncation

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>

1 files changed, 8 insertions, 3 deletions

diff --git a/src/common/blkdev.cc b/src/common/blkdev.cc
index 2e32b9dc969..0cd5bafd2ac 100644
--- a/src/common/blkdev.cc
+++ b/src/common/blkdev.cc
@@ -89,7 +89,10 @@ int get_block_device_base(const char *dev, char *out, size_t out_len)
     if (*p == '/')
       *p = '!';
 
-  snprintf(fn, sizeof(fn), "%s/sys/block/%s", sandbox_dir, devname);
+  if (static_cast<size_t>(snprintf(fn, sizeof(fn), "%s/sys/block/%s",
+                                   sandbox_dir, devname))
+      >= sizeof(fn))
+    return -ERANGE;
   if (stat(fn, &st) == 0) {
     if (strlen(devname) + 1 > out_len) {
       return -ERANGE;
@@ -107,8 +110,10 @@ int get_block_device_base(const char *dev, char *out, size_t out_len)
   while ((de = ::readdir(dir))) {
     if (de->d_name[0] == '.')
       continue;
-    snprintf(fn, sizeof(fn), "%s/sys/block/%s/%s", sandbox_dir, de->d_name,
-	     devname);
+    if (static_cast<size_t>(snprintf(fn, sizeof(fn), "%s/sys/block/%s/%s",
+                                     sandbox_dir, de->d_name,
+                                     devname)) >= sizeof(fn))
+      return -ERANGE;
 
     if (stat(fn, &st) == 0) {
       // match!