Date: Fri, 22 Apr 2016 09:44:50 +0000 (UTC)
From: Garrett Cooper <ngie@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-user@freebsd.org
Subject: svn commit: r298467 - user/ngie/bsnmp_cleanup/contrib/bsnmp/snmp_usm
Message-ID: <201604220944.u3M9ioP3067235@repo.freebsd.org>
Author: ngie Date: Fri Apr 22 09:44:49 2016 New Revision: 298467 URL: https://svnweb.freebsd.org/changeset/base/298467 Log: Consistently use sizeof for the known buffer when calling memcpy/memset This fixes a copy-pasto when handling LEAF_usmUserAuthKeyChange where SNMP_AUTH_KEY_SIZ was used instead of SNMP_PRIV_KEY_SIZ, resulting in a potential buffer overflow scenario MFC after: 2 weeks CID: 1008326, 1009675 Reported by: Coverity Sponsored by: EMC / Isilon Storage Division Modified: user/ngie/bsnmp_cleanup/contrib/bsnmp/snmp_usm/usm_snmp.c Modified: user/ngie/bsnmp_cleanup/contrib/bsnmp/snmp_usm/usm_snmp.c ============================================================================== --- user/ngie/bsnmp_cleanup/contrib/bsnmp/snmp_usm/usm_snmp.c Fri Apr 22 08:56:47 2016 (r298466) +++ user/ngie/bsnmp_cleanup/contrib/bsnmp/snmp_usm/usm_snmp.c Fri Apr 22 09:44:49 2016 (r298467) @@ -262,7 +262,7 @@ op_usm_users(struct snmp_context *ctx, s if (ctx->scratch->ptr1 == NULL) return (SNMP_ERR_GENERR); memcpy(ctx->scratch->ptr1, uuser->suser.priv_key, - SNMP_PRIV_KEY_SIZ); + sizeof(uuser->suser.priv_key)); memcpy(uuser->suser.priv_key, val->v.octetstring.octets, val->v.octetstring.len); break; @@ -286,7 +286,7 @@ op_usm_users(struct snmp_context *ctx, s uuser->user_public_len = val->v.octetstring.len; } else { memset(uuser->user_public, 0, - SNMP_ADM_STR32_SIZ); + sizeof(uuser->user_public)); uuser->user_public_len = 0; } break; @@ -351,7 +351,7 @@ op_usm_users(struct snmp_context *ctx, s case LEAF_usmUserAuthKeyChange: case LEAF_usmUserOwnAuthKeyChange: memcpy(uuser->suser.auth_key, ctx->scratch->ptr1, - SNMP_AUTH_KEY_SIZ); + sizeof(uuser->suser.auth_key)); free(ctx->scratch->ptr1); break; case LEAF_usmUserPrivProtocol: 
@@ -360,7 +360,7 @@ op_usm_users(struct snmp_context *ctx, s case LEAF_usmUserPrivKeyChange: case LEAF_usmUserOwnPrivKeyChange: memcpy(uuser->suser.priv_key, ctx->scratch->ptr1, - SNMP_AUTH_KEY_SIZ); + sizeof(uuser->suser.priv_key)); free(ctx->scratch->ptr1); break; case LEAF_usmUserPublic: @@ -371,7 +371,7 @@ op_usm_users(struct snmp_context *ctx, s free(ctx->scratch->ptr2); } else { memset(uuser->user_public, 0, - SNMP_ADM_STR32_SIZ); + sizeof(uuser->user_public)); uuser->user_public_len = 0; } break;
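Review bot: In the @@ -262 hunk, the second memcpy, which this change leaves alone, still copies val->v.octetstring.len bytes into uuser->suser.priv_key, and no bound on that length is visible in the hunk. If the length is not validated earlier in op_usm_users, reject values above sizeof(uuser->suser.priv_key) before the copy. The save into ctx->scratch->ptr1 now reads sizeof(uuser->suser.priv_key) bytes, so the allocation for ptr1 (outside this hunk) should use the same sizeof expression to keep the two sizes in step.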
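Review bot: In the @@ -351 hunk, ctx->scratch->ptr1 is freed right after the rollback copy into uuser->suser.auth_key but keeps pointing at the freed block. Setting ctx->scratch->ptr1 to NULL after free() would make any later use of the scratch pointer fail safely instead of touching freed memory. The old length here, SNMP_AUTH_KEY_SIZ, already matched the auth_key destination, so this hunk is a consistency change only.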
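Review bot: The log message names the wrong case for the fix carried by the @@ -360 hunk: the mismatched length (SNMP_AUTH_KEY_SIZ on a copy into uuser->suser.priv_key) sat under LEAF_usmUserPrivKeyChange / LEAF_usmUserOwnPrivKeyChange, not LEAF_usmUserAuthKeyChange, so the log should be corrected before the MFC. Also, sizeof(uuser->suser.priv_key) equals the buffer size only while priv_key is an array member; a compile-time assertion tying it to SNMP_PRIV_KEY_SIZ would catch a later change to a pointer, where sizeof would silently become the pointer size.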