d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix theoretical buffer overflow issues in snmp_oid2asn_oid

Browse Source 
Increase the size of `string` by 1 to account for the '\0' terminator. In the event
that `str` doesn't contain any non-alpha chars, i would be set to MAXSTR, and
the subsequent strlcpy call would overflow by a character.

Remove unnecessary `string[i] = '\0'` -- this is already handled by strlcpy.

MFC after: 1 week
Reported by: clang
Sponsored by: EMC / Isilon Storage Division
This commit is contained in:
Enji Cooper 2016-05-14 21:32:52 +00:00
parent 78a780e3e5
commit 81910adfc4
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c
View File

@ -1060,7 +1060,7 @@ snmp_oid2asn_oid(struct snmp_toolinfo *snmptoolctx, char *str,
struct asn_oid *oid) struct asn_oid *oid)
{ {
int32_t i; int32_t i;
char string[MAXSTR], *endptr; char string[MAXSTR + 1], *endptr;
struct snmp_object obj; struct snmp_object obj;
for (i = 0; i < MAXSTR; i++) for (i = 0; i < MAXSTR; i++)
@ -1076,7 +1076,6 @@ snmp_oid2asn_oid(struct snmp_toolinfo *snmptoolctx, char *str,
return (NULL); return (NULL);
} else { } else {
strlcpy(string, str, i + 1); strlcpy(string, str, i + 1);
string[i] = '\0';
if (snmp_lookup_enumoid(snmptoolctx, &obj, string) < 0) { if (snmp_lookup_enumoid(snmptoolctx, &obj, string) < 0) {
warnx("Unknown string - %s", string); warnx("Unknown string - %s", string);
return (NULL); return (NULL);