Date: Mon, 15 Dec 2025 18:18:27 +0000 From: Jessica Clarke <jrtc27@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Dapeng Gao <dg612@cam.ac.uk> Subject: git: e41762d412d7 - stable/13 - Fix off-by-one bug in btpand Message-ID: <694050f3.25529.6e9489e1@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch stable/13 has been updated by jrtc27: URL: https://cgit.FreeBSD.org/src/commit/?id=e41762d412d7d06a85db031de100cd0b2a5c0c02 commit e41762d412d7d06a85db031de100cd0b2a5c0c02 Author: Dapeng Gao <dg612@cam.ac.uk> AuthorDate: 2024-06-03 19:30:36 +0000 Commit: Jessica Clarke <jrtc27@FreeBSD.org> CommitDate: 2025-12-15 17:56:35 +0000 Fix off-by-one bug in btpand `ul` reaches `__arraycount(services)` before the bound-check happens, causing undefined behaviour. Reviewed by: imp, jrtc27 Fixes: 7718ced0ea98 ("Add btpand(8) daemon from NetBSD.") MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D45463 (cherry picked from commit fbfdf57d65bedfab28f9debc8a4a8d6802f9338a) --- usr.sbin/bluetooth/btpand/btpand.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/usr.sbin/bluetooth/btpand/btpand.c b/usr.sbin/bluetooth/btpand/btpand.c index a0f380918bf1..721bafba8321 100644 --- a/usr.sbin/bluetooth/btpand/btpand.c +++ b/usr.sbin/bluetooth/btpand/btpand.c @@ -147,11 +147,14 @@ main(int argc, char *argv[]) case 's': /* service */ case 'S': /* service (no SDP) */ - for (ul = 0; strcasecmp(optarg, services[ul].name); ul++) { - if (ul == __arraycount(services)) - errx(EXIT_FAILURE, "%s: unknown service", optarg); + for (ul = 0; ul < __arraycount(services); ul++) { + if (strcasecmp(optarg, services[ul].name) == 0) + break; } + if (ul == __arraycount(services)) + errx(EXIT_FAILURE, "%s: unknown service", optarg); + if (ch == 's') service_name = services[ul].name;help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?694050f3.25529.6e9489e1>