svn commit: r300463 - stable/10/usr.sbin/rpc.lockd
Don Lewis
truckman at FreeBSD.org
Mon May 23 05:27:32 UTC 2016
Author: truckman
Date: Mon May 23 05:27:31 2016
New Revision: 300463
URL: https://svnweb.freebsd.org/changeset/base/300463
Log:
MFC r299986
Actually use the loop iteration limit so carefully computed on the
previous line to prevent buffer overflow. This turns out to not be
important because the upstream xdr code already capped the object
size at the proper value. Using the correct limit here looks a lot
less scary and should please Coverity.
Reported by: Coverity
CID: 1199309, 1199310
Modified:
stable/10/usr.sbin/rpc.lockd/lock_proc.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/usr.sbin/rpc.lockd/lock_proc.c
==============================================================================
--- stable/10/usr.sbin/rpc.lockd/lock_proc.c Mon May 23 05:25:34 2016 (r300462)
+++ stable/10/usr.sbin/rpc.lockd/lock_proc.c Mon May 23 05:27:31 2016 (r300463)
@@ -115,7 +115,7 @@ log_netobj(obj)
}
/* Prevent the security hazard from the buffer overflow */
maxlen = (obj->n_len < MAX_NETOBJ_SZ ? obj->n_len : MAX_NETOBJ_SZ);
- for (i=0, tmp1 = objvalbuffer, tmp2 = objascbuffer; i < obj->n_len;
+ for (i=0, tmp1 = objvalbuffer, tmp2 = objascbuffer; i < maxlen;
i++, tmp1 +=2, tmp2 +=1) {
sprintf(tmp1,"%02X",*(obj->n_bytes+i));
sprintf(tmp2,"%c",*(obj->n_bytes+i));
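
Review bot: the two sprintf calls in the loop body remain unbounded, and the "%02X" conversion is passed *(obj->n_bytes+i) without a cast. If n_bytes is a plain char pointer and char is signed on the target, a byte of 0x80 or above is promoted to a negative int and prints as eight hex digits instead of two, so the write runs past the 2-byte stride that maxlen assumes, and the final iteration can land beyond the end of objvalbuffer. Suggest casting the byte to unsigned char and bounding each write, for example snprintf(tmp1, 3, "%02X", (unsigned char)obj->n_bytes[i]). The declarations of objvalbuffer and objascbuffer are outside this hunk, so please also confirm they are sized for 2*MAX_NETOBJ_SZ+1 and MAX_NETOBJ_SZ+1 bytes, since each sprintf appends a terminating NUL after the last element.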