From 81910adfc4985d295983040d2e913f2bb3a11808 Mon Sep 17 00:00:00 2001 From: Enji Cooper Date: Sat, 14 May 2016 21:32:52 +0000 Subject: [PATCH] Fix theoretical buffer overflow issues in snmp_oid2asn_oid Increase the size of `string` by 1 to account for the '\0' terminator. In the event that `str` doesn't contain any non-alpha chars, i would be set to MAXSTR, and the subsequent strlcpy call would overflow by a character. Remove unnecessary `string[i] = '\0'` -- this is already handled by strlcpy. MFC after: 1 week Reported by: clang Sponsored by: EMC / Isilon Storage Division --- usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c b/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c index 4ab229db44d3..2c7b2d243b12 100644 --- a/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c +++ b/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c @@ -1060,7 +1060,7 @@ snmp_oid2asn_oid(struct snmp_toolinfo *snmptoolctx, char *str, struct asn_oid *oid) { int32_t i; - char string[MAXSTR], *endptr; + char string[MAXSTR + 1], *endptr; struct snmp_object obj; for (i = 0; i < MAXSTR; i++) @@ -1076,7 +1076,6 @@ snmp_oid2asn_oid(struct snmp_toolinfo *snmptoolctx, char *str, return (NULL); } else { strlcpy(string, str, i + 1); - string[i] = '\0'; if (snmp_lookup_enumoid(snmptoolctx, &obj, string) < 0) { warnx("Unknown string - %s", string); return (NULL);