From owner-svn-src-all@freebsd.org Fri Jan 13 08:51:47 2017 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 90B91CAB639; Fri, 13 Jan 2017 08:51:47 +0000 (UTC) (envelope-from ngie@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5CF2D1E7D; Fri, 13 Jan 2017 08:51:47 +0000 (UTC) (envelope-from ngie@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v0D8pkEU057397; Fri, 13 Jan 2017 08:51:46 GMT (envelope-from ngie@FreeBSD.org) Received: (from ngie@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v0D8pkbl057396; Fri, 13 Jan 2017 08:51:46 GMT (envelope-from ngie@FreeBSD.org) Message-Id: <201701130851.v0D8pkbl057396@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ngie set sender to ngie@FreeBSD.org using -f From: Ngie Cooper Date: Fri, 13 Jan 2017 08:51:46 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r312044 - stable/10/usr.sbin/bsnmpd/modules/snmp_bridge X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Jan 2017 08:51:47 -0000 Author: ngie Date: Fri Jan 13 08:51:46 2017 New Revision: 312044 URL: https://svnweb.freebsd.org/changeset/base/312044 Log: MFC r311290,r311293,r311294: r311290: Use strlcpy instead of strcpy when copying the bridge name to ifr.ifr_name to avoid buffer overflows CID: 1006735, 1006737, 1006738 r311293: bridge_do_pfctl: allocate mib_name dynamically using asprintf This is being done to reduce wasted space, simplify complexity in the code, and to quell a Coverity warning about buffer overruns. warning about buffer overruns. CID: 1006736 r311294: style cleanup - bridge_pf_dump: use nitems instead of spelling it out longhand - bridge_do_pfctl: sort variables by alignment for type Modified: stable/10/usr.sbin/bsnmpd/modules/snmp_bridge/bridge_sys.c Directory Properties: stable/10/ (props changed) Modified: stable/10/usr.sbin/bsnmpd/modules/snmp_bridge/bridge_sys.c ============================================================================== --- stable/10/usr.sbin/bsnmpd/modules/snmp_bridge/bridge_sys.c Fri Jan 13 08:51:43 2017 (r312043) +++ stable/10/usr.sbin/bsnmpd/modules/snmp_bridge/bridge_sys.c Fri Jan 13 08:51:46 2017 (r312044) @@ -485,7 +485,7 @@ bridge_set_if_up(const char* b_name, int struct ifreq ifr; bzero(&ifr, sizeof(ifr)); - strcpy(ifr.ifr_name, b_name); + strlcpy(ifr.ifr_name, b_name, sizeof(ifr.ifr_name)); if (ioctl(sock, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) { syslog(LOG_ERR, "set bridge up: ioctl(SIOCGIFFLAGS) " "failed: %s", strerror(errno)); @@ -516,7 +516,7 @@ bridge_create(const char *b_name) struct ifreq ifr; bzero(&ifr, sizeof(ifr)); - strcpy(ifr.ifr_name, b_name); + strlcpy(ifr.ifr_name, b_name, sizeof(ifr.ifr_name)); if (ioctl(sock, SIOCIFCREATE, &ifr) < 0) { syslog(LOG_ERR, "create bridge: ioctl(SIOCIFCREATE) " @@ -549,7 +549,7 @@ bridge_destroy(const char *b_name) struct ifreq ifr; bzero(&ifr, sizeof(ifr)); - strcpy(ifr.ifr_name, b_name); + strlcpy(ifr.ifr_name, b_name, sizeof(ifr.ifr_name)); if (ioctl(sock, SIOCIFDESTROY, &ifr) < 0) { syslog(LOG_ERR, "destroy bridge: ioctl(SIOCIFDESTROY) " @@ -1459,9 +1459,9 @@ bridge_get_pfval(uint8_t which) int32_t bridge_do_pfctl(int32_t bridge_ctl, enum snmp_op op, int32_t *val) { - char mib_name[100]; - int32_t i, s_i; + char *mib_oid; size_t len, s_len; + int32_t i, s_i; if (bridge_ctl >= LEAF_begemotBridgeLayer2PfStatus) return (-2); @@ -1474,19 +1474,24 @@ bridge_do_pfctl(int32_t bridge_ctl, enum len = sizeof(i); - strcpy(mib_name, bridge_sysctl); + asprintf(&mib_oid, "%s%s", bridge_sysctl, + bridge_pf_sysctl[bridge_ctl].name); + if (mib_oid == NULL) + return (-1); - if (sysctlbyname(strcat(mib_name, - bridge_pf_sysctl[bridge_ctl].name), &i, &len, - (op == SNMP_OP_SET ? &s_i : NULL), s_len) == -1) { - syslog(LOG_ERR, "sysctl(%s%s) failed - %s", bridge_sysctl, - bridge_pf_sysctl[bridge_ctl].name, strerror(errno)); + if (sysctlbyname(mib_oid, &i, &len, (op == SNMP_OP_SET ? &s_i : NULL), + s_len) == -1) { + syslog(LOG_ERR, "sysctl(%s) failed - %s", mib_oid, + strerror(errno)); + free(mib_oid); return (-1); } bridge_pf_sysctl[bridge_ctl].val = i; *val = i; + free(mib_oid); + return (i); } @@ -1495,8 +1500,7 @@ bridge_pf_dump(void) { uint8_t i; - for (i = 0; i < sizeof(bridge_pf_sysctl) / sizeof(bridge_pf_sysctl[0]); - i++) { + for (i = 0; i < nitems(bridge_pf_sysctl); i++) { syslog(LOG_ERR, "%s%s = %d", bridge_sysctl, bridge_pf_sysctl[i].name, bridge_pf_sysctl[i].val); }