diff options
author | ngie <ngie@FreeBSD.org> | 2016-05-14 21:32:52 +0000 |
---|---|---|
committer | ngie <ngie@FreeBSD.org> | 2016-05-14 21:32:52 +0000 |
commit | d20d003d02db33d439cc7ec7d18bd8b473e62e7f (patch) | |
tree | 1c2baf36561d0723da599947be09ec97e1c70d17 /usr.sbin | |
parent | fc842bcc02dea1dc7fe1b1ec158cf816d7adf25b (diff) | |
download | FreeBSD-src-d20d003d02db33d439cc7ec7d18bd8b473e62e7f.zip FreeBSD-src-d20d003d02db33d439cc7ec7d18bd8b473e62e7f.tar.gz |
Fix theoretical buffer overflow issues in snmp_oid2asn_oid
Increase the size of `string` by 1 to account for the '\0' terminator. In the event
that `str` doesn't contain any non-alpha chars, i would be set to MAXSTR, and
the subsequent strlcpy call would overflow by a character.
Remove unnecessary `string[i] = '\0'` -- this is already handled by strlcpy.
MFC after: 1 week
Reported by: clang
Sponsored by: EMC / Isilon Storage Division
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c b/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c index 4ab229d..2c7b2d2 100644 --- a/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c +++ b/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c @@ -1060,7 +1060,7 @@ snmp_oid2asn_oid(struct snmp_toolinfo *snmptoolctx, char *str, struct asn_oid *oid) { int32_t i; - char string[MAXSTR], *endptr; + char string[MAXSTR + 1], *endptr; struct snmp_object obj; for (i = 0; i < MAXSTR; i++) @@ -1076,7 +1076,6 @@ snmp_oid2asn_oid(struct snmp_toolinfo *snmptoolctx, char *str, return (NULL); } else { strlcpy(string, str, i + 1); - string[i] = '\0'; if (snmp_lookup_enumoid(snmptoolctx, &obj, string) < 0) { warnx("Unknown string - %s", string); return (NULL); |