Actually use the loop interation limit so carefully computed on the

previous line to prevent buffer overflow. This turns out to not be important because the upstream xdr code already capped the object size at the proper value. Using the correct limit here looks a lot less scary and should please Coverity. Reported by: Coverity CID: 1199309, 1199310 MFC after: 1 week
2016-05-16 23:00:48 +00:00 · 2016-05-16 23:00:48 +00:00 · b6ecea3082
commit b6ecea3082
parent a971082444
1 changed files with 1 additions and 1 deletions
--- a/usr.sbin/rpc.lockd/lock_proc.c
+++ b/usr.sbin/rpc.lockd/lock_proc.c
@ -112,7 +112,7 @@ log_netobj(netobj *obj)
 	}
 	/* Prevent the security hazard from the buffer overflow */
 	maxlen = (obj->n_len < MAX_NETOBJ_SZ ? obj->n_len : MAX_NETOBJ_SZ);
-	for (i=0, tmp1 = objvalbuffer, tmp2 = objascbuffer; i < obj->n_len;
+	for (i=0, tmp1 = objvalbuffer, tmp2 = objascbuffer; i < maxlen;
 	    i++, tmp1 +=2, tmp2 +=1) {
 		sprintf(tmp1,"%02X",*(obj->n_bytes+i));
 		sprintf(tmp2,"%c",*(obj->n_bytes+i));