d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Correct the buffer length check to avoid overflows.

Browse Source 
Found with:	Coverity Scan
CID:		1222502, 1222503
This commit is contained in:
Luiz Otavio O Souza 2014-06-27 18:40:14 +00:00
parent 3a8794be33
commit c04cdb5738
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
usr.sbin/bsnmpd/modules/snmp_lm75/snmp_lm75.c
View File

@ -140,7 +140,7 @@ sysctlname(int *oid, int nlen, char *name, size_t len)
{
int mib[12];
if (nlen > (int)sizeof(mib) + 2)
if (nlen > (int)(sizeof(mib) / sizeof(int) - 2))
return (-1);
mib[0] = 0;
@ -158,7 +158,7 @@ sysctlgetnext(int *oid, int nlen, int *next, size_t *nextlen)
{
int mib[12];
if (nlen > (int)sizeof(mib) + 2)
if (nlen > (int)(sizeof(mib) / sizeof(int) - 2))
return (-1);
mib[0] = 0;
@ -180,10 +180,13 @@ update_sensor_sysctl(char *obuf, size_t *obuflen, int idx, const char *name)
/* Fill out the mib information. */
snprintf(buf, sizeof(buf) - 1, "dev.lm75.%d.%s", idx, name);
len = 4;
len = sizeof(mib) / sizeof(int);
if (sysctlnametomib(buf, mib, &len) == -1)
return (-1);
if (len != 4)
return (-1);
/* Read the sysctl data. */
if (sysctl(mib, len, obuf, obuflen, NULL, 0) == -1)
return (-1);