From owner-svn-src-all@FreeBSD.ORG  Fri Jun 27 18:40:15 2014
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 3D6C1C3B;
 Fri, 27 Jun 2014 18:40:15 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2AA462E5F;
 Fri, 27 Jun 2014 18:40:15 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5RIeFaV036989;
 Fri, 27 Jun 2014 18:40:15 GMT (envelope-from loos@svn.freebsd.org)
Received: (from loos@localhost)
 by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5RIeFF9036988;
 Fri, 27 Jun 2014 18:40:15 GMT (envelope-from loos@svn.freebsd.org)
Message-Id: <201406271840.s5RIeFF9036988@svn.freebsd.org>
From: Luiz Otavio O Souza <loos@FreeBSD.org>
Date: Fri, 27 Jun 2014 18:40:15 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r267969 - head/usr.sbin/bsnmpd/modules/snmp_lm75
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jun 2014 18:40:15 -0000

Author: loos
Date: Fri Jun 27 18:40:14 2014
New Revision: 267969
URL: http://svnweb.freebsd.org/changeset/base/267969

Log:
  Correct the buffer length check to avoid overflows.
  
  Found with:	Coverity Scan
  CID:		1222502, 1222503

Modified:
  head/usr.sbin/bsnmpd/modules/snmp_lm75/snmp_lm75.c

Modified: head/usr.sbin/bsnmpd/modules/snmp_lm75/snmp_lm75.c
==============================================================================
--- head/usr.sbin/bsnmpd/modules/snmp_lm75/snmp_lm75.c	Fri Jun 27 18:32:20 2014	(r267968)
+++ head/usr.sbin/bsnmpd/modules/snmp_lm75/snmp_lm75.c	Fri Jun 27 18:40:14 2014	(r267969)
@@ -140,7 +140,7 @@ sysctlname(int *oid, int nlen, char *nam
 {
 	int mib[12];
 
-	if (nlen > (int)sizeof(mib) + 2)
+	if (nlen > (int)(sizeof(mib) / sizeof(int) - 2))
 		return (-1);
 
 	mib[0] = 0;
@@ -158,7 +158,7 @@ sysctlgetnext(int *oid, int nlen, int *n
 {
 	int mib[12];
 
-	if (nlen  > (int)sizeof(mib) + 2)
+	if (nlen > (int)(sizeof(mib) / sizeof(int) - 2))
 		return (-1);
 
 	mib[0] = 0;
@@ -180,10 +180,13 @@ update_sensor_sysctl(char *obuf, size_t 
 
 	/* Fill out the mib information. */
 	snprintf(buf, sizeof(buf) - 1, "dev.lm75.%d.%s", idx, name);
-	len = 4;
+	len = sizeof(mib) / sizeof(int);
 	if (sysctlnametomib(buf, mib, &len) == -1)
 		return (-1);
 
+	if (len != 4)
+		return (-1);
+
 	/* Read the sysctl data. */
 	if (sysctl(mib, len, obuf, obuflen, NULL, 0) == -1)
 		return (-1);