From b8e085988098aaab8fdd8f1c64a68e7920732f93 Mon Sep 17 00:00:00 2001
From: Andrew Bettison
Date: Fri, 15 Nov 2013 17:10:33 +1030
Subject: [PATCH] Fix off-by-one buffer size errors when using tohex()
---
 rhizome_database.c | 10 +++++-----
 serval.h | 2 +-
 str.h | 3 ++-
 3 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/rhizome_database.c b/rhizome_database.c
index 5bd9d328..7a0065ed 100644
--- a/rhizome_database.c
+++ b/rhizome_database.c
@@ -740,10 +740,10 @@ int _sqlite_vbind(struct __sourceloc __whence, int log_level, sqlite_retry_state
 if (hashp == NULL) {
 BIND_NULL(RHIZOME_FILEHASH_T);
 } else {
- char hash_hex[RHIZOME_FILEHASH_STRLEN];
- tohex(hash_hex, sizeof hash_hex, hashp->binary);
- BIND_DEBUG(RHIZOME_FILEHASH_T, sqlite3_bind_text, "%s,%zu,SQLITE_TRANSIENT", hash_hex, sizeof hash_hex);
- BIND_RETRY(sqlite3_bind_text, hash_hex, sizeof hash_hex, SQLITE_TRANSIENT);
+ char hash_hex[RHIZOME_FILEHASH_STRLEN + 1];
+ tohex(hash_hex, RHIZOME_FILEHASH_STRLEN, hashp->binary);
+ BIND_DEBUG(RHIZOME_FILEHASH_T, sqlite3_bind_text, "%s,%zu,SQLITE_TRANSIENT", hash_hex, RHIZOME_FILEHASH_STRLEN);
+ BIND_RETRY(sqlite3_bind_text, hash_hex, RHIZOME_FILEHASH_STRLEN, SQLITE_TRANSIENT);
 }
 }
 break;
@@ -1961,7 +1961,7 @@ static int is_interesting(const char *id_hex, int64_t version)
 int rhizome_is_bar_interesting(unsigned char *bar)
 {
 int64_t version = rhizome_bar_version(bar);
- char id_hex[RHIZOME_MANIFEST_ID_STRLEN];
+ char id_hex[RHIZOME_BAR_PREFIX_BYTES + 2];
 tohex(id_hex, RHIZOME_BAR_PREFIX_BYTES * 2, &bar[RHIZOME_BAR_PREFIX_OFFSET]);
 strcat(id_hex, "%");
 return is_interesting(id_hex, version);
diff --git a/serval.h b/serval.h
index 3fc60dc9..1c0a6373 100644
--- a/serval.h
+++ b/serval.h
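Review bot: The `BIND_DEBUG` line in the `_sqlite_vbind` hunk keeps the `%zu` specifier, but its length argument changed from `sizeof hash_hex` (a `size_t`) to `RHIZOME_FILEHASH_STRLEN`, whose type is not visible in this diff. If that macro expands to an `int` constant expression and BIND_DEBUG forwards its arguments to a printf-style logger, the specifier no longer matches the argument, which is undefined behaviour. A cast at the call site keeps the format valid whatever the macro's type is: `BIND_DEBUG(RHIZOME_FILEHASH_T, sqlite3_bind_text, "%s,%zu,SQLITE_TRANSIENT", hash_hex, (size_t)RHIZOME_FILEHASH_STRLEN);`. `_sqlite_vbind` begins and ends outside this hunk.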
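Review bot: In `rhizome_is_bar_interesting` the new declaration `char id_hex[RHIZOME_BAR_PREFIX_BYTES + 2];` is smaller than what the next two lines write, so this hunk replaces an oversized buffer with a stack buffer overflow. `tohex()` is asked for `RHIZOME_BAR_PREFIX_BYTES * 2` hex digits and, per the contract documented in str.h by this same commit, adds a NUL terminator; `strcat(id_hex, "%")` then appends one more character, so `RHIZOME_BAR_PREFIX_BYTES * 2 + 2` bytes are needed and the `* 2` is missing. The line should read `char id_hex[RHIZOME_BAR_PREFIX_BYTES * 2 + 2];`. The bytes written are derived from `bar`, which presumably originates off-host (not visible here), so this should be fixed before merge. The function's closing brace lies outside the hunk.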
@@ -157,7 +157,7 @@ typedef struct sid_binary {
 #define is_sid_t_any(SID) is_all_matching((SID).binary, sizeof (*(sid_t*)0).binary, 0)
 #define alloca_tohex_sid_t(sid) alloca_tohex((sid).binary, sizeof (*(sid_t*)0).binary)
-#define alloca_tohex_sid_t_trunc(sid,strlen) tohex((char *)alloca((strlen)+2), (strlen), (sid).binary)
+#define alloca_tohex_sid_t_trunc(sid,strlen) tohex((char *)alloca((strlen)+1), (strlen), (sid).binary)
 int cmp_sid_t(const sid_t *a, const sid_t *b);
 int str_to_sid_t(sid_t *sid, const char *hex);
diff --git a/str.h b/str.h
index 9704db27..275457b6 100644
--- a/str.h
+++ b/str.h
@@ -74,7 +74,8 @@ __SERVAL_DNA_STR_INLINE int is_xstring(const char *text, int len)
 return *text == '\0';
 }
-/* Converts a given binary blob to uppercase ASCII hexadecimal.
+/* Converts a given binary blob to uppercase ASCII hexadecimal with a NUL terminator on the end.
+ * 'dstHex' must point to a buffer of at least 'dstStrLen' + 1 bytes.
 */
 char *tohex(char *dstHex, size_t dstStrlen, const unsigned char *srcBinary);
 #define alloca_tohex(buf,bytes) tohex((char *)alloca((bytes)*2+1), (bytes) * 2, (buf))
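Review bot: `alloca_tohex_sid_t_trunc` now allocates exactly `(strlen)+1` bytes, which matches the documented tohex() contract, but nothing in the macro bounds `strlen` by the size of `(sid).binary`. tohex() takes no source length, so a caller passing more than twice the SID size would presumably make it read past the end of the SID. The parameter is also expanded twice and reuses the name of the standard `strlen` function inside the macro body. I would add a comment above the definition such as `/* strlen must be <= 2 * sizeof (sid).binary; it is evaluated twice, so pass a side-effect-free expression */`.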
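Review bot: The new str.h comment names the size parameter `'dstStrLen'` while the prototype directly below spells it `dstStrlen`, and it still does not say how many bytes of `srcBinary` are read. Every fix in this commit stems from callers misjudging this contract, so I would spell out both sides: `* 'dstHex' must point to a buffer of at least 'dstStrlen' + 1 bytes; reads ceil(dstStrlen / 2) bytes from 'srcBinary'.` The read count should be confirmed against the tohex() implementation, which is not part of this diff.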