Date: Fri, 13 Jan 2017 09:04:29 +0000 (UTC) From: Ngie Cooper <ngie@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r312054 - stable/10/contrib/bsnmp/snmpd Message-ID: <201701130904.v0D94TpI063919@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ngie Date: Fri Jan 13 09:04:29 2017 New Revision: 312054 URL: https://svnweb.freebsd.org/changeset/base/312054 Log: MFC r311378: lm_load: fix string copying issues - Ensure `section` doesn't overrun section by using strlcpy instead of strcpy [*]. - Use strdup instead of malloc + strcpy (this wasn't flagged by Coverity, but is an opportunistic change). CID: 1006826 [*] Modified: stable/10/contrib/bsnmp/snmpd/main.c Directory Properties: stable/10/ (props changed) Modified: stable/10/contrib/bsnmp/snmpd/main.c ============================================================================== --- stable/10/contrib/bsnmp/snmpd/main.c Fri Jan 13 09:04:26 2017 (r312053) +++ stable/10/contrib/bsnmp/snmpd/main.c Fri Jan 13 09:04:29 2017 (r312054) @@ -2508,13 +2508,12 @@ lm_load(const char *path, const char *se } m->handle = NULL; m->flags = 0; - strcpy(m->section, section); + strlcpy(m->section, section, sizeof(m->section)); - if ((m->path = malloc(strlen(path) + 1)) == NULL) { + if ((m->path = strdup(path)) == NULL) { syslog(LOG_ERR, "lm_load: %m"); goto err; } - strcpy(m->path, path); /* * Make index
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201701130904.v0D94TpI063919>