Re: [PATCH; request for votes] snmplib: Avoid that sprint_realloc_octet_string() triggers a segmentation fault

Sat, 19 May 2018 22:59:19 -0700 

On Sat, May 19, 2018 at 05:28:31PM -0700, Bart Van Assche wrote:
> On 05/19/18 15:14, Magnus Fromreide wrote:
> > On Sat, May 19, 2018 at 02:07:56PM -0700, Bart Van Assche wrote:
> > > strlcpy() implementations typically scan for the end of the source 
> > > argument
> > > passed to strlcpy(). Hence avoid passing an unterminated string to 
> > > strlcpy().
> > > 
> > > Reported-by: Stuart Henderson <s...@spacehopper.org>
> > > Fixes: 7f05daa8e0e0 ("CHANGES: BUG: 3444939: BUG: 1796886: snmplib: Avoid 
> > > that sprint_realloc_octet_string() embeds unprintable control characters 
> > > or binary zeroes in its output. This behavior could cause truncated 
> > > output in snmptrapd.")
> > > ---
> > >   snmplib/mib.c | 5 +++--
> > >   1 file changed, 3 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/snmplib/mib.c b/snmplib/mib.c
> > > index a16144065029..1c875c06464f 100644
> > > --- a/snmplib/mib.c
> > > +++ b/snmplib/mib.c
> > > @@ -585,9 +585,10 @@ sprint_realloc_octet_string(u_char ** buf, size_t * 
> > > buf_len,
> > >                               return 0;
> > >                       }
> > >                       if (memchr(cp, '\0', cnt) == NULL) {
> > > -                        /* No embedded '\0' - use strlcpy() to preserve 
> > > UTF-8 */
> > > -                        strlcpy((char *)(*buf + *out_len), (char *)cp, 
> > > cnt + 1);
> > > +                        /* No embedded '\0' - use memcpy() to preserve 
> > > UTF-8 */
> > 
> > The comment does not make any sense - what have UTF-8 got to do with this?
> 
> Hello Magnus,
> 
> Does this mean that you did not understand that comment?

The comment is clear enough and I can even see how it came to be but it
really is ascii that is the special case here as it replaces everything
that isn't printable or a space in the current locale with a dot (I have
to admit that I see that as odd as well).

> The code under the else-clause does not preserve UTF-8
> (sprint_realloc_asciistring()). Hence the comment in the if-clause about
> preserving UTF-8.

> Bart.
> 
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Net-snmp-coders mailing list
> Net-snmp-coders@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Reply via email to