[Bug 283909] bsnmpget/walk: coredump when SNMPPASSWD is empty

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 10 Jan 2025 20:30:19 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283909

Mark Johnston <markj@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |markj@FreeBSD.org

--- Comment #4 from Mark Johnston <markj@FreeBSD.org> ---
(In reply to Gleb Smirnoff from comment #3)
Looks reasonable to me.  The code which allocates the buffer also looks wrong:

        if ((str = getenv("SNMPPASSWD")) != NULL) {
                if ((slen = strlen(str)) > MAXSTR)
                        slen = MAXSTR - 1;
                if ((snmptoolctx->passwd = malloc(slen + 1)) == NULL) {
                        warn("malloc() failed");
                        return (-1);
                }
                if (slen > 0)
                        strlcpy(snmptoolctx->passwd, str, slen + 1);
        }

Aren't we leaving passwd[0] uninitialized if slen == 0?

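Added example, not part of the comment above and not the bsnmptools source or its committed fix: the empty-string case from the quoted lines reproduced next to one possible correction. The function names, the MAXSTR value and the 0xA5 fill (which makes stale heap contents visible) are assumptions of this sketch, and memcpy() plus an explicit terminator stands in for strlcpy() so it builds outside FreeBSD.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAXSTR 256	/* assumed value for this example */

/* Hypothetical helper: clamp as quoted, allocate slen + 1 bytes pre-filled with 0xA5. */
static char *alloc_passwd(const char *str, size_t *slen)
{
	char *buf;
	if ((*slen = strlen(str)) > MAXSTR)
		*slen = MAXSTR - 1;
	if ((buf = malloc(*slen + 1)) != NULL)
		memset(buf, 0xA5, *slen + 1);	/* simulated stale heap contents */
	return (buf);
}

/* Copy step as in the quoted lines: nothing is written when slen == 0. */
static char *copy_passwd_quoted(const char *str)
{
	size_t slen;
	char *buf = alloc_passwd(str, &slen);
	if (buf != NULL && slen > 0) {
		memcpy(buf, str, slen);	/* stands in for strlcpy(buf, str, slen + 1) */
		buf[slen] = '\0';
	}
	return (buf);
}

/* One possible correction: the terminator is written for every length. */
static char *copy_passwd_fixed(const char *str)
{
	size_t slen;
	char *buf = alloc_passwd(str, &slen);
	if (buf != NULL) {
		memcpy(buf, str, slen);	/* copies nothing when slen == 0 */
		buf[slen] = '\0';
	}
	return (buf);
}

int main(void)
{
	char *q = copy_passwd_quoted(""), *f = copy_passwd_fixed("");
	if (q != NULL && f != NULL)
		printf("quoted=0x%02x fixed=0x%02x\n", (unsigned char)q[0], (unsigned char)f[0]);
	free(q);
	free(f);
	return (0);
}
```

With an empty input the quoted pattern returns a one-byte buffer that still holds the fill byte, so any later strlen() or comparison on it reads past the allocation; the corrected copy returns a valid empty string.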