Fix theoretical buffer overflow issues in snmp_oid2asn_oid

Increase the size of `string` by 1 to account for the '\0' terminator. In the event
that `str` doesn't contain any non-alpha chars, i would be set to MAXSTR, and
the subsequent strlcpy call would overflow by a character.

Remove unnecessary `string[i] = '\0'` -- this is already handled by strlcpy.

MFC after: 1 week
Reported by: clang
Sponsored by: EMC / Isilon Storage Division

1 files changed, 1 insertions, 2 deletions

diff --git a/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c b/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c
index 4ab229d..2c7b2d2 100644
--- a/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c
+++ b/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c
@@ -1060,7 +1060,7 @@ snmp_oid2asn_oid(struct snmp_toolinfo *snmptoolctx, char *str,
     struct asn_oid *oid)
 {
 	int32_t i;
-	char string[MAXSTR], *endptr;
+	char string[MAXSTR + 1], *endptr;
 	struct snmp_object obj;
 
 	for (i = 0; i < MAXSTR; i++)
@@ -1076,7 +1076,6 @@ snmp_oid2asn_oid(struct snmp_toolinfo *snmptoolctx, char *str,
 			return (NULL);
 	} else {
 		strlcpy(string, str, i + 1);
-		string[i] = '\0';
 		if (snmp_lookup_enumoid(snmptoolctx, &obj, string) < 0) {
 			warnx("Unknown string - %s", string);
 			return (NULL);