Date: Fri, 13 Jan 2017 08:51:46 +0000 (UTC) From: Ngie Cooper <ngie@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r312044 - stable/10/usr.sbin/bsnmpd/modules/snmp_bridge Message-ID: <201701130851.v0D8pkbl057396@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ngie Date: Fri Jan 13 08:51:46 2017 New Revision: 312044 URL: https://svnweb.freebsd.org/changeset/base/312044 Log: MFC r311290,r311293,r311294: r311290: Use strlcpy instead of strcpy when copying the bridge name to ifr.ifr_name to avoid buffer overflows CID: 1006735, 1006737, 1006738 r311293: bridge_do_pfctl: allocate mib_name dynamically using asprintf This is being done to reduce wasted space, simplify complexity in the code, and to quell a Coverity warning about buffer overruns. warning about buffer overruns. CID: 1006736 r311294: style cleanup - bridge_pf_dump: use nitems instead of spelling it out longhand - bridge_do_pfctl: sort variables by alignment for type Modified: stable/10/usr.sbin/bsnmpd/modules/snmp_bridge/bridge_sys.c Directory Properties: stable/10/ (props changed) Modified: stable/10/usr.sbin/bsnmpd/modules/snmp_bridge/bridge_sys.c ============================================================================== --- stable/10/usr.sbin/bsnmpd/modules/snmp_bridge/bridge_sys.c Fri Jan 13 08:51:43 2017 (r312043) +++ stable/10/usr.sbin/bsnmpd/modules/snmp_bridge/bridge_sys.c Fri Jan 13 08:51:46 2017 (r312044) @@ -485,7 +485,7 @@ bridge_set_if_up(const char* b_name, int struct ifreq ifr; bzero(&ifr, sizeof(ifr)); - strcpy(ifr.ifr_name, b_name); + strlcpy(ifr.ifr_name, b_name, sizeof(ifr.ifr_name)); if (ioctl(sock, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) { syslog(LOG_ERR, "set bridge up: ioctl(SIOCGIFFLAGS) " "failed: %s", strerror(errno)); @@ -516,7 +516,7 @@ bridge_create(const char *b_name) struct ifreq ifr; bzero(&ifr, sizeof(ifr)); - strcpy(ifr.ifr_name, b_name); + strlcpy(ifr.ifr_name, b_name, sizeof(ifr.ifr_name)); if (ioctl(sock, SIOCIFCREATE, &ifr) < 0) { syslog(LOG_ERR, "create bridge: ioctl(SIOCIFCREATE) " @@ -549,7 +549,7 @@ bridge_destroy(const char *b_name) struct ifreq ifr; bzero(&ifr, sizeof(ifr)); - strcpy(ifr.ifr_name, b_name); + strlcpy(ifr.ifr_name, b_name, sizeof(ifr.ifr_name)); if (ioctl(sock, SIOCIFDESTROY, &ifr) < 0) { syslog(LOG_ERR, "destroy bridge: ioctl(SIOCIFDESTROY) " @@ -1459,9 +1459,9 @@ bridge_get_pfval(uint8_t which) int32_t bridge_do_pfctl(int32_t bridge_ctl, enum snmp_op op, int32_t *val) { - char mib_name[100]; - int32_t i, s_i; + char *mib_oid; size_t len, s_len; + int32_t i, s_i; if (bridge_ctl >= LEAF_begemotBridgeLayer2PfStatus) return (-2); @@ -1474,19 +1474,24 @@ bridge_do_pfctl(int32_t bridge_ctl, enum len = sizeof(i); - strcpy(mib_name, bridge_sysctl); + asprintf(&mib_oid, "%s%s", bridge_sysctl, + bridge_pf_sysctl[bridge_ctl].name); + if (mib_oid == NULL) + return (-1); - if (sysctlbyname(strcat(mib_name, - bridge_pf_sysctl[bridge_ctl].name), &i, &len, - (op == SNMP_OP_SET ? &s_i : NULL), s_len) == -1) { - syslog(LOG_ERR, "sysctl(%s%s) failed - %s", bridge_sysctl, - bridge_pf_sysctl[bridge_ctl].name, strerror(errno)); + if (sysctlbyname(mib_oid, &i, &len, (op == SNMP_OP_SET ? &s_i : NULL), + s_len) == -1) { + syslog(LOG_ERR, "sysctl(%s) failed - %s", mib_oid, + strerror(errno)); + free(mib_oid); return (-1); } bridge_pf_sysctl[bridge_ctl].val = i; *val = i; + free(mib_oid); + return (i); } @@ -1495,8 +1500,7 @@ bridge_pf_dump(void) { uint8_t i; - for (i = 0; i < sizeof(bridge_pf_sysctl) / sizeof(bridge_pf_sysctl[0]); - i++) { + for (i = 0; i < nitems(bridge_pf_sysctl); i++) { syslog(LOG_ERR, "%s%s = %d", bridge_sysctl, bridge_pf_sysctl[i].name, bridge_pf_sysctl[i].val); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201701130851.v0D8pkbl057396>