svn commit: r267969 - head/usr.sbin/bsnmpd/modules/snmp_lm75
Luiz Otavio O Souza
loos at FreeBSD.org
Fri Jun 27 18:40:15 UTC 2014
Author: loos
Date: Fri Jun 27 18:40:14 2014
New Revision: 267969
URL: http://svnweb.freebsd.org/changeset/base/267969
Log:
Correct the buffer length check to avoid overflows.
Found with: Coverity Scan
CID: 1222502, 1222503
Modified:
head/usr.sbin/bsnmpd/modules/snmp_lm75/snmp_lm75.c
Modified: head/usr.sbin/bsnmpd/modules/snmp_lm75/snmp_lm75.c
==============================================================================
--- head/usr.sbin/bsnmpd/modules/snmp_lm75/snmp_lm75.c Fri Jun 27 18:32:20 2014 (r267968)
+++ head/usr.sbin/bsnmpd/modules/snmp_lm75/snmp_lm75.c Fri Jun 27 18:40:14 2014 (r267969)
@@ -140,7 +140,7 @@ sysctlname(int *oid, int nlen, char *nam
{
int mib[12];
- if (nlen > (int)sizeof(mib) + 2)
+ if (nlen > (int)(sizeof(mib) / sizeof(int) - 2))
return (-1);
mib[0] = 0;
@@ -158,7 +158,7 @@ sysctlgetnext(int *oid, int nlen, int *n
{
int mib[12];
- if (nlen > (int)sizeof(mib) + 2)
+ if (nlen > (int)(sizeof(mib) / sizeof(int) - 2))
return (-1);
mib[0] = 0;
@@ -180,10 +180,13 @@ update_sensor_sysctl(char *obuf, size_t
/* Fill out the mib information. */
snprintf(buf, sizeof(buf) - 1, "dev.lm75.%d.%s", idx, name);
- len = 4;
+ len = sizeof(mib) / sizeof(int);
if (sysctlnametomib(buf, mib, &len) == -1)
return (-1);
+ if (len != 4)
+ return (-1);
+
/* Read the sysctl data. */
if (sysctl(mib, len, obuf, obuflen, NULL, 0) == -1)
return (-1);
More information about the svn-src-all
mailing list