Date: Fri, 10 Jan 2025 20:30:19 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 283909] bsnmpget/walk: coredump when SNMPPASSWD is empty Message-ID: <bug-283909-227-k0m3jUtFz5@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-283909-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283909 Mark Johnston <markj@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |markj@FreeBSD.org --- Comment #4 from Mark Johnston <markj@FreeBSD.org> --- (In reply to Gleb Smirnoff from comment #3) Looks reasonable to me. The code which allocates the buffer also looks wrong: 174 if ((str = getenv("SNMPPASSWD")) != NULL) { 175 if ((slen = strlen(str)) > MAXSTR) 176 slen = MAXSTR - 1; 177 if ((snmptoolctx->passwd = malloc(slen + 1)) == NULL) { 178 warn("malloc() failed"); 179 return (-1); 180 } 181 if (slen > 0) 182 strlcpy(snmptoolctx->passwd, str, slen + 1); 183 } Aren't we leaving passwd[0] uninitialized if slen == 0? -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-283909-227-k0m3jUtFz5>