From d20d003d02db33d439cc7ec7d18bd8b473e62e7f Mon Sep 17 00:00:00 2001 From: ngie Date: Sat, 14 May 2016 21:32:52 +0000 Subject: Fix theoretical buffer overflow issues in snmp_oid2asn_oid Increase the size of `string` by 1 to account for the '\0' terminator. In the event that `str` doesn't contain any non-alpha chars, i would be set to MAXSTR, and the subsequent strlcpy call would overflow by a character. Remove unnecessary `string[i] = '\0'` -- this is already handled by strlcpy. MFC after: 1 week Reported by: clang Sponsored by: EMC / Isilon Storage Division --- usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'usr.sbin/bsnmpd') diff --git a/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c b/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c index 4ab229d..2c7b2d2 100644 --- a/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c +++ b/usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptools.c @@ -1060,7 +1060,7 @@ snmp_oid2asn_oid(struct snmp_toolinfo *snmptoolctx, char *str, struct asn_oid *oid) { int32_t i; - char string[MAXSTR], *endptr; + char string[MAXSTR + 1], *endptr; struct snmp_object obj; for (i = 0; i < MAXSTR; i++) @@ -1076,7 +1076,6 @@ snmp_oid2asn_oid(struct snmp_toolinfo *snmptoolctx, char *str, return (NULL); } else { strlcpy(string, str, i + 1); - string[i] = '\0'; if (snmp_lookup_enumoid(snmptoolctx, &obj, string) < 0) { warnx("Unknown string - %s", string); return (NULL); -- cgit v1.1