From 0452837f6edfa6de53feb2f15fea26d413ac0556 Mon Sep 17 00:00:00 2001
From: wdbee
Date: Mon, 15 Dec 2014 13:10:15 +0000
Subject: [PATCH] GfParmWriteBuf: Clean buffer for output

git-svn-id: https://svn.code.sf.net/p/speed-dreams/code/trunk@5894 30fe4595-0a0c-4342-8851-515496e4dcbd
Former-commit-id: 8acf0caf30c2f244cd3c4ec214d700684d7c0c72
Former-commit-id: 90ab74081b779fd91e5d96994e96bde2d83da638
---
 src/libs/tgf/params.cpp | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)
diff --git a/src/libs/tgf/params.cpp b/src/libs/tgf/params.cpp
index 17af688f0..7e0b6a8ab 100644
--- a/src/libs/tgf/params.cpp
+++ b/src/libs/tgf/params.cpp
@@ -1624,12 +1624,12 @@ xmlGetOuputLine (struct parmHandle *parmHandle, char *buffer, int /* size */, bo
 /** Write a configuration buffer.
 @ingroup conf
- @param logHandle log handle
- @param parmHandle Configuration handle
- @param buf buffer to write the configuration
- @param size buffer size
+ @param handle Configuration handle
+ @param buf buffer to write the configuration to
+ @param size buffer size (has to be > 0)
 @return 0 if OK
- 1 if Error
+ -1 if data was truncated
+ 1 if other error
 */
 int
 GfParmWriteBuf (void *handle, char *buf, int size)
@@ -1642,9 +1642,18 @@ GfParmWriteBuf (void *handle, char *buf, int size)
 if ((parmHandle == NULL) || (parmHandle->magic != PARM_MAGIC)) {
 GfLogFatal ("GfParmWriteBuf: bad handle (%p)\n", parmHandle);
- return 1;
+ return 1; // Error
 }
+ // Check buf for NULL before memcpy()ing to it later
+ if((buf == NULL) || (size <= 0)){
+ GfLogFatal ("GfParmWriteBuf: bad buf or size (%p) (%d) \n", buf,size);
+ return 1; // Error
+ }
+
+ // Clear buf to contain 0 for all chars
+ memset(buf,0,size);
+
 parmHandle->outCtrl.state = 0;
 parmHandle->outCtrl.curSection = NULL;
 parmHandle->outCtrl.curParam = NULL;
@@ -1653,16 +1662,20 @@ GfParmWriteBuf (void *handle, char *buf, int size)
 while (curSize && xmlGetOuputLine (parmHandle, line, sizeof (line))) {
 len = strlen (line);
- if (len > curSize) {
+ // We need space for the terminating 0, len has to be < curSize!
+ if (len >= curSize) {
 len = curSize;
+ memcpy (s, line, len - 1);
+ // Don't fall through and return 0;
+ return -1; // This is an error: data has been truncated
 }
 memcpy (s, line, len);
 s += len;
 curSize -= len;
 }
- buf [size - 1] = 0;
+ // buf [size - 1] = 0; redundant: memset(buf,0,size); and if(len >= curSize){...
- return 0;
+ return 0; // Success
 }
 /** Set the dtd path and header if necessary
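Review bot: The updated doc comment above GfParmWriteBuf adds `-1` as a return value but does not say what `buf` holds in that case. From the later hunks the buffer is zero-filled first and the truncating copy stops one byte short, so on `-1` it contains a NUL-terminated but incomplete document; I would write `-1 if data was truncated (buf then holds partial, NUL-terminated output)`. Callers are not part of this patch; any that compare the result with `== 1` rather than `!= 0` would treat the new `-1` as success and should be checked.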
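Review bot: In the new buf/size guard, `buf` is a `char *` passed to a `%p` conversion, which expects `void *`; the call should read `GfLogFatal ("GfParmWriteBuf: bad buf or size (%p) (%d)\n", (void *)buf, size);`, which also drops the stray space before `\n`. Whether GfLogFatal returns is not visible here; if it terminates the process, both `return 1` paths are unreachable and a NULL buffer from any caller becomes a crash rather than an error code, so a non-fatal log level may fit an argument check better. The function starts before and continues after this hunk.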
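Review bot: The commented-out `buf [size - 1] = 0;` after the loop leaves NUL termination depending on two separate facts, the `memset` earlier in the function and every copy path stopping at least one byte short of the end. Keeping the explicit store costs nothing and still holds if either of those is changed later; if it is removed, replace the dead code with the invariant, e.g. `// buf stays NUL-terminated: zero-filled above, at most size - 1 bytes copied`. The first hunk's header shows xmlGetOuputLine with its size parameter unnamed (`int /* size */`), so the `sizeof (line)` passed in the loop condition may not bound what the helper writes into `line`; that is worth confirming, since `strlen (line)` and both copies trust it. The function begins outside this hunk.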