svn commit: r298467 - user/ngie/bsnmp_cleanup/contrib/bsnmp/snmp_usm

Garrett Cooper ngie at FreeBSD.org
Fri Apr 22 09:44:51 UTC 2016 

Author: ngie
Date: Fri Apr 22 09:44:49 2016
New Revision: 298467
URL: https://svnweb.freebsd.org/changeset/base/298467

Log:
  Consistently use sizeof for the known buffer when calling memcpy/memset
  
  This fixes a copy-pasto when handling LEAF_usmUserAuthKeyChange where
  SNMP_AUTH_KEY_SIZ was used instead of SNMP_PRIV_KEY_SIZ, resulting in a
  potential buffer overflow scenario
  
  MFC after: 2 weeks
  CID: 1008326, 1009675
  Reported by: Coverity
  Sponsored by: EMC / Isilon Storage Division

Modified:
  user/ngie/bsnmp_cleanup/contrib/bsnmp/snmp_usm/usm_snmp.c

Modified: user/ngie/bsnmp_cleanup/contrib/bsnmp/snmp_usm/usm_snmp.c
==============================================================================
--- user/ngie/bsnmp_cleanup/contrib/bsnmp/snmp_usm/usm_snmp.c	Fri Apr 22 08:56:47 2016	(r298466)
+++ user/ngie/bsnmp_cleanup/contrib/bsnmp/snmp_usm/usm_snmp.c	Fri Apr 22 09:44:49 2016	(r298467)
@@ -262,7 +262,7 @@ op_usm_users(struct snmp_context *ctx, s
 			if (ctx->scratch->ptr1 == NULL)
 				return (SNMP_ERR_GENERR);
 			memcpy(ctx->scratch->ptr1, uuser->suser.priv_key,
-			    SNMP_PRIV_KEY_SIZ);
+			    sizeof(uuser->suser.priv_key));
 			memcpy(uuser->suser.priv_key, val->v.octetstring.octets,
 			    val->v.octetstring.len);
 			break;
@@ -286,7 +286,7 @@ op_usm_users(struct snmp_context *ctx, s
 				uuser->user_public_len = val->v.octetstring.len;
 			} else {
 				memset(uuser->user_public, 0,
-				    SNMP_ADM_STR32_SIZ);
+				    sizeof(uuser->user_public));
 				uuser->user_public_len = 0;
 			}
 			break;
@@ -351,7 +351,7 @@ op_usm_users(struct snmp_context *ctx, s
 		case LEAF_usmUserAuthKeyChange:
 		case LEAF_usmUserOwnAuthKeyChange:
 			memcpy(uuser->suser.auth_key, ctx->scratch->ptr1,
-			    SNMP_AUTH_KEY_SIZ);
+			    sizeof(uuser->suser.auth_key));
 			free(ctx->scratch->ptr1);
 			break;
 		case LEAF_usmUserPrivProtocol:
@@ -360,7 +360,7 @@ op_usm_users(struct snmp_context *ctx, s
 		case LEAF_usmUserPrivKeyChange:
 		case LEAF_usmUserOwnPrivKeyChange:
 			memcpy(uuser->suser.priv_key, ctx->scratch->ptr1,
-			    SNMP_AUTH_KEY_SIZ);
+			    sizeof(uuser->suser.priv_key));
 			free(ctx->scratch->ptr1);
 			break;
 		case LEAF_usmUserPublic:
@@ -371,7 +371,7 @@ op_usm_users(struct snmp_context *ctx, s
 				free(ctx->scratch->ptr2);
 			} else {
 				memset(uuser->user_public, 0,
-				    SNMP_ADM_STR32_SIZ);
+				    sizeof(uuser->user_public));
 				uuser->user_public_len = 0;
 			}
 			break;

More information about the svn-src-user mailing list