uclient-fetch: read_data_cb: fix a potential buffer overflow

[project/uclient.git] / uclient-fetch.c

diff --git a/uclient-fetch.c b/uclient-fetch.c
index 3c0c36b..dff144b 100644 (file)
--- a/uclient-fetch.c
+++ b/uclient-fetch.c
@@ -254,6 +254,7 @@ static void header_done_cb(struct uclient *cl)
 static void read_data_cb(struct uclient *cl)
 {
        char buf[256];
+       ssize_t n;
        int len;
 
        if (!no_output && output_fd < 0)
@@ -261,12 +262,15 @@ static void read_data_cb(struct uclient *cl)
 
        while (1) {
                len = uclient_read(cl, buf, sizeof(buf));
-               if (!len)
+               if (len <= 0)
                        return;
 
                out_bytes += len;
-               if (!no_output)
-                       write(output_fd, buf, len);
+               if (!no_output) {
+                       n = write(output_fd, buf, len);
+                       if (n < 0)
+                               return;
+               }
        }
 }
 
@@ -489,7 +493,7 @@ static int no_ssl(const char *progname)
 {
        fprintf(stderr,
                "%s: SSL support not available, please install one of the "
-               "libustream-ssl-* libraries as well as the ca-bundle and ",
+               "libustream-ssl-* libraries as well as the ca-bundle and "
                "ca-certificates packages.\n",
                progname);
 
@@ -660,9 +664,11 @@ int main(int argc, char **argv)
        uloop_init();
 
        if (username) {
-               if (password)
-                       asprintf(&auth_str, "%s:%s", username, password);
-               else
+               if (password) {
+                       rc = asprintf(&auth_str, "%s:%s", username, password);
+                       if (rc < 0)
+                               return rc;
+               } else
                        auth_str = username;
        }