upnp_event_prepare(): check the return value of snprintf()
Upstream fix for 'read out-of-bounds vulnerability' which was caused due
to lack of validating snprintf().
BUG=b:251174336
TEST=Compile and verify with miniupnpd_poc.py on mistral
Logs without fix
2022-10-18T18:31:06.697446Z INFO miniupnpd[3160]: HTTP REQUEST : SUBSCRIBE /evt/L3F (HTTP/1.1)
2022-10-18T18:31:06.749677Z NOTICE miniupnpd[3160]: upnp_event_send: 28960 bytes send out of 1049581
2022-10-18T18:31:06.751622Z NOTICE miniupnpd[3160]: upnp_event_send: 65160 bytes send out of 1020621
2022-10-18T18:31:06.758448Z NOTICE miniupnpd[3160]: upnp_event_send: 50680 bytes send out of 955461
2022-10-18T18:31:06.932178Z WARNING crash_reporter[8007]: [user] Received crash notification for miniupnpd[3160] sig 11, user 1105 group 1105 (handling)
Logs with fix
2022-10-18T18:47:48.934511Z INFO miniupnpd[3169]: HTTP REQUEST : SUBSCRIBE /evt/L3F (HTTP/1.1)
2022-10-18T18:47:48.992672Z NOTICE miniupnpd[3169]: upnp_event_send: 28960 bytes send out of 1049581
2022-10-18T18:47:48.998855Z NOTICE miniupnpd[3169]: upnp_event_send: 83984 bytes send out of 1020621
...
2022-10-18T18:48:09.513467Z NOTICE miniupnpd[3169]: upnp_event_send: 39096 bytes send out of 121413
2022-10-18T18:48:11.475740Z NOTICE miniupnpd[3169]: upnp_event_send: 34752 bytes send out of 82317
2022-10-18T18:48:13.275649Z NOTICE miniupnpd[3169]: upnp_event_send: 34752 bytes send out of 47565
Change-Id: I6a35430df984dc33ab52ffd509efe95a0b1facb9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/overlays/portage-stable/+/3964968
Tested-by: Raju Konduru <rkonduru@google.com>
Reviewed-by: Kishan Kunduru <kkunduru@chromium.org>
Reviewed-by: Tao Jin <jintao@google.com>
Commit-Queue: Raju Konduru <rkonduru@google.com>
Reviewed-by: Kevin Hayes <kevinhayes@google.com>
(cherry picked from commit e563726580312b5a46c931658b27e3ec1bf8005d)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/overlays/portage-stable/+/3966662
Reviewed-by: Julan Hsu <julanhsu@google.com>
3 files changed
