svn commit: r299765 - head/usr.sbin/bsnmpd/tools/libbsnmptools
Garrett Cooper
ngie at FreeBSD.org
Sat May 14 21:32:54 UTC 2016
Author: ngie
Date: Sat May 14 21:32:52 2016
New Revision: 299765
URL: https://svnweb.freebsd.org/changeset/base/299765
Log:
Fix theoretical buffer overflow issues in snmp_oid2asn_oid
Increase the size of `string` by 1 to account for the '\0' terminator. In the event
that `str` doesn't contain any non-alpha chars, i would be set to MAXSTR, and
the subsequent strlcpy call would overflow by a character.
Remove unnecessary `string[i] = '\0'` -- this is already handled by strlcpy.
MFC after: 1 week
Reported by: clang
Sponsored by: EMC / Isilon Storage Division
Modified:
head/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c
Modified: head/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c
==============================================================================
--- head/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c Sat May 14 21:27:33 2016 (r299764)
+++ head/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c Sat May 14 21:32:52 2016 (r299765)
@@ -1060,7 +1060,7 @@ snmp_oid2asn_oid(struct snmp_toolinfo *s
struct asn_oid *oid)
{
int32_t i;
- char string[MAXSTR], *endptr;
+ char string[MAXSTR + 1], *endptr;
struct snmp_object obj;
for (i = 0; i < MAXSTR; i++)
@@ -1076,7 +1076,6 @@ snmp_oid2asn_oid(struct snmp_toolinfo *s
return (NULL);
} else {
strlcpy(string, str, i + 1);
- string[i] = '\0';
if (snmp_lookup_enumoid(snmptoolctx, &obj, string) < 0) {
warnx("Unknown string - %s", string);
return (NULL);
More information about the svn-src-head
mailing list