Date: Fri, 27 Jun 2014 18:40:15 +0000 (UTC) From: Luiz Otavio O Souza <loos@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r267969 - head/usr.sbin/bsnmpd/modules/snmp_lm75 Message-ID: <201406271840.s5RIeFF9036988@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: loos Date: Fri Jun 27 18:40:14 2014 New Revision: 267969 URL: http://svnweb.freebsd.org/changeset/base/267969 Log: Correct the buffer length check to avoid overflows. Found with: Coverity Scan CID: 1222502, 1222503 Modified: head/usr.sbin/bsnmpd/modules/snmp_lm75/snmp_lm75.c Modified: head/usr.sbin/bsnmpd/modules/snmp_lm75/snmp_lm75.c ============================================================================== --- head/usr.sbin/bsnmpd/modules/snmp_lm75/snmp_lm75.c Fri Jun 27 18:32:20 2014 (r267968) +++ head/usr.sbin/bsnmpd/modules/snmp_lm75/snmp_lm75.c Fri Jun 27 18:40:14 2014 (r267969) @@ -140,7 +140,7 @@ sysctlname(int *oid, int nlen, char *nam { int mib[12]; - if (nlen > (int)sizeof(mib) + 2) + if (nlen > (int)(sizeof(mib) / sizeof(int) - 2)) return (-1); mib[0] = 0; @@ -158,7 +158,7 @@ sysctlgetnext(int *oid, int nlen, int *n { int mib[12]; - if (nlen > (int)sizeof(mib) + 2) + if (nlen > (int)(sizeof(mib) / sizeof(int) - 2)) return (-1); mib[0] = 0; @@ -180,10 +180,13 @@ update_sensor_sysctl(char *obuf, size_t /* Fill out the mib information. */ snprintf(buf, sizeof(buf) - 1, "dev.lm75.%d.%s", idx, name); - len = 4; + len = sizeof(mib) / sizeof(int); if (sysctlnametomib(buf, mib, &len) == -1) return (-1); + if (len != 4) + return (-1); + /* Read the sysctl data. */ if (sysctl(mib, len, obuf, obuflen, NULL, 0) == -1) return (-1);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201406271840.s5RIeFF9036988>