Date: Wed, 11 May 2016 16:54:34 +0000 (UTC) From: "Conrad E. Meyer" <cem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r299465 - head/contrib/bsnmp/snmp_usm Message-ID: <201605111654.u4BGsYNu036792@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cem Date: Wed May 11 16:54:34 2016 New Revision: 299465 URL: https://svnweb.freebsd.org/changeset/base/299465 Log: bsnmp: Don't overrun privkey buffer by copying wrong size The 'priv_key' array is SNMP_PRIV_KEY_SIZ bytes, not SNMP_AUTH_KEY_SIZ. Reported by: Coverity CIDs: 1008326, 1009675 Sponsored by: EMC / Isilon Storage Division Modified: head/contrib/bsnmp/snmp_usm/usm_snmp.c Modified: head/contrib/bsnmp/snmp_usm/usm_snmp.c ============================================================================== --- head/contrib/bsnmp/snmp_usm/usm_snmp.c Wed May 11 16:53:56 2016 (r299464) +++ head/contrib/bsnmp/snmp_usm/usm_snmp.c Wed May 11 16:54:34 2016 (r299465) @@ -360,7 +360,7 @@ op_usm_users(struct snmp_context *ctx, s case LEAF_usmUserPrivKeyChange: case LEAF_usmUserOwnPrivKeyChange: memcpy(uuser->suser.priv_key, ctx->scratch->ptr1, - SNMP_AUTH_KEY_SIZ); + SNMP_PRIV_KEY_SIZ); free(ctx->scratch->ptr1); break; case LEAF_usmUserPublic:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201605111654.u4BGsYNu036792>