Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 31 Dec 2016 11:50:36 +0000 (UTC)
From:      Ngie Cooper <ngie@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r310950 - head/contrib/bsnmp/snmp_mibII
Message-ID:  <201612311150.uBVBoaCj058856@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: ngie
Date: Sat Dec 31 11:50:36 2016
New Revision: 310950
URL: https://svnweb.freebsd.org/changeset/base/310950

Log:
  MIB-II: use strlcpy when copying interface names to .ifr_name
  
  .ifra_name is assumed to be NUL terminated; using strlcpy(3)
  ensures that it's indeed NUL terminated whereas strncpy does
  not.
  
  Tested and verified as follows with a combination of ifconfig,
  snmpget, and snmpset:
  
    % ifconfig create lo1 127.0.0.2/8
    % SNMPARGS="-v 3 -n '' -u bsnmp -A bsnmptest -l authPriv -a sha -x des -X bsnmptest localhost"
    % snmpget $SNMPARGS IF-MIB::ifAdminStatus.4
    IF-MIB::ifAdminStatus.4 = INTEGER: up(1)
    % snmpset $SNMPARGS IF-MIB::ifAdminStatus.4 i 2
    IF-MIB::ifAdminStatus.4 = INTEGER: down(2)
    % snmpget $SNMPARGS IF-MIB::ifAdminStatus.4
    IF-MIB::ifAdminStatus.4 = INTEGER: down(2)
    % snmpset $SNMPARGS IF-MIB::ifAdminStatus.4 i 1
    IF-MIB::ifAdminStatus.4 = INTEGER: up(1)
    % snmpget $SNMPARGS IF-MIB::ifAdminStatus.4
    IF-MIB::ifAdminStatus.4 = INTEGER: up(1)
  
  MFC after:	2 weeks
  Reported by:	Coverity
  CID:		1009652-1009656, 1349850

Modified:
  head/contrib/bsnmp/snmp_mibII/mibII.c
  head/contrib/bsnmp/snmp_mibII/mibII_interfaces.c

Modified: head/contrib/bsnmp/snmp_mibII/mibII.c
==============================================================================
--- head/contrib/bsnmp/snmp_mibII/mibII.c	Sat Dec 31 11:42:57 2016	(r310949)
+++ head/contrib/bsnmp/snmp_mibII/mibII.c	Sat Dec 31 11:50:36 2016	(r310950)
@@ -265,7 +265,7 @@ mib_if_admin(struct mibif *ifp, int up)
 {
 	struct ifreq ifr;
 
-	strncpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
+	strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
 	if (ioctl(mib_netsock, SIOCGIFFLAGS, &ifr) == -1) {
 		syslog(LOG_ERR, "SIOCGIFFLAGS(%s): %m", ifp->name);
 		return (-1);
@@ -515,7 +515,7 @@ mib_fetch_ifmib(struct mibif *ifp)
 	}
 
   out:
-	strncpy(irr.ifr_name, ifp->name, sizeof(irr.ifr_name));
+	strlcpy(irr.ifr_name, ifp->name, sizeof(irr.ifr_name));
 	irr.ifr_buffer.buffer = MIBIF_PRIV(ifp)->alias;
 	irr.ifr_buffer.length = sizeof(MIBIF_PRIV(ifp)->alias);
 	if (ioctl(mib_netsock, SIOCGIFDESCR, &irr) == -1) {
@@ -1384,7 +1384,7 @@ siocaifaddr(char *ifname, struct in_addr
 	struct sockaddr_in *sa;
 
 	memset(&addreq, 0, sizeof(addreq));
-	strncpy(addreq.ifra_name, ifname, sizeof(addreq.ifra_name));
+	strlcpy(addreq.ifra_name, ifname, sizeof(addreq.ifra_name));
 
 	sa = (struct sockaddr_in *)(void *)&addreq.ifra_addr;
 	sa->sin_family = AF_INET;
@@ -1414,7 +1414,7 @@ siocdifaddr(const char *ifname, struct i
 	struct sockaddr_in *sa;
 
 	memset(&delreq, 0, sizeof(delreq));
-	strncpy(delreq.ifr_name, ifname, sizeof(delreq.ifr_name));
+	strlcpy(delreq.ifr_name, ifname, sizeof(delreq.ifr_name));
 	sa = (struct sockaddr_in *)(void *)&delreq.ifr_addr;
 	sa->sin_family = AF_INET;
 	sa->sin_len = sizeof(*sa);
@@ -1433,7 +1433,7 @@ verify_ifa(const char *name, struct mibi
 	struct sockaddr_in *sa;
 
 	memset(&req, 0, sizeof(req));
-	strncpy(req.ifr_name, name, sizeof(req.ifr_name));
+	strlcpy(req.ifr_name, name, sizeof(req.ifr_name));
 	sa = (struct sockaddr_in *)(void *)&req.ifr_addr;
 	sa->sin_family = AF_INET;
 	sa->sin_len = sizeof(*sa);

Modified: head/contrib/bsnmp/snmp_mibII/mibII_interfaces.c
==============================================================================
--- head/contrib/bsnmp/snmp_mibII/mibII_interfaces.c	Sat Dec 31 11:42:57 2016	(r310949)
+++ head/contrib/bsnmp/snmp_mibII/mibII_interfaces.c	Sat Dec 31 11:50:36 2016	(r310950)
@@ -77,7 +77,7 @@ ifchange_func(struct snmp_context *ctx _
 	switch (op) {
 
 	  case SNMP_DEPOP_COMMIT:
-		strncpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
+		strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
 		if (ioctl(mib_netsock, SIOCGIFFLAGS, &ifr) == -1) {
 			syslog(LOG_ERR, "GIFFLAGS(%s): %m", ifp->name);
 			return (SNMP_ERR_GENERR);
@@ -95,7 +95,7 @@ ifchange_func(struct snmp_context *ctx _
 			ifc->rb |= IFRB_FLAGS;
 		}
 		if (ifc->rb & IFRB_FLAGS) {
-			strncpy(ifr1.ifr_name, ifp->name, sizeof(ifr1.ifr_name));
+			strlcpy(ifr1.ifr_name, ifp->name, sizeof(ifr1.ifr_name));
 			if (ioctl(mib_netsock, SIOCGIFFLAGS, &ifr1) == -1) {
 				syslog(LOG_ERR, "GIFFLAGS(%s): %m", ifp->name);
 				return (SNMP_ERR_GENERR);
@@ -116,7 +116,7 @@ ifchange_func(struct snmp_context *ctx _
 
 	  case SNMP_DEPOP_ROLLBACK:
 		if (ifc->rb & IFRB_FLAGS) {
-			strncpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
+			strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
 			ifr.ifr_flags = ifc->rb_flags;
 			if (ioctl(mib_netsock, SIOCSIFFLAGS, &ifr) == -1) {
 				syslog(LOG_ERR, "SIFFLAGS(%s): %m", ifp->name);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201612311150.uBVBoaCj058856>