logsrvd_queue_scan: check for snprintf() return value < 0

millert · millert · commit dfa1434c6edd · 2025-11-12T19:16:44.000-07:00
Found by the ZeroPath AI Security Engineer <https://zeropath.com>
diff --git a/logsrvd/logsrvd_queue.c b/logsrvd/logsrvd_queue.c
@@ -215,7 +215,7 @@ logsrvd_queue_scan(struct sudo_event_base *evbase)
 
     dirlen = snprintf(path, sizeof(path), "%s/outgoing/%s",
 	logsrvd_conf_relay_dir(), uuid_template);
-    if (dirlen >= ssizeof(path)) {
+    if (dirlen < 0 || dirlen >= ssizeof(path)) {
 	errno = ENAMETOOLONG;
 	sudo_warn("%s/outgoing/%s", logsrvd_conf_relay_dir(), uuid_template);
 	debug_return_bool(false);
