On Mon, 2009-12-21 at 12:01 +0000, bvass...@users.sourceforge.net wrote:
> Revision: 17926
>           http://net-snmp.svn.sourceforge.net/net-snmp/?rev=17926&view=rev
> Author:   bvassche
> Date:     2009-12-21 12:01:15 +0000 (Mon, 21 Dec 2009)
> 
> Log Message:
> -----------
> Applied patch #2912062: make sure that the string returned by
> read_config_read_octet_string() is properly terminated, such that the
> callers of this function do not trigger past-end-of-buffer reads. Found
> this issue via BoundsChecker.

I think this patch is bogus as the result is a length + char-array, not
a zero-terminated string.

An octet string can quite legally contain embedded NUL characters and so
the bug that should be reported is that someone tries to operate on it
using a str* function.

This is also the reason for the len argument to the function.

I thus propose a reversal of this patch and a comment in the tracker
that explains the problem.

To be honest I am considering a patch to never zero-terminate the result
of this function.

/MF
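
An added example, not part of the original message and not Net-SNMP code, illustrating the point made in the message above: an octet string with an embedded NUL is misread by str* functions and handled correctly only through its length. The `struct octets` type, the helper names and the sample keys are hypothetical and constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical type for this example: an octet string is a buffer plus a length. */
struct octets { const unsigned char *buf; size_t len; };

/* Constructed sample values: two 5-byte keys that differ only after an embedded NUL. */
static const unsigned char KEY_A[] = { 'a', 'b', 0x00, 'c', 'd' };
static const unsigned char KEY_B[] = { 'a', 'b', 0x00, 'x', 'y' };

/* str*-style view: stops at the first NUL, so it sees only "ab" in both keys.
 * (Safe to call here only because the samples do contain a NUL byte.) */
static size_t len_as_cstring(struct octets o) { return strlen((const char *)o.buf); }
static int equal_as_cstring(struct octets a, struct octets b) {
    return strcmp((const char *)a.buf, (const char *)b.buf) == 0;
}

/* Length-aware comparison: every byte counts, NUL included. */
static int equal_octets(struct octets a, struct octets b) {
    return a.len == b.len && memcmp(a.buf, b.buf, a.len) == 0;
}

/* Length-aware logging: hex-encode exactly o.len bytes into out (NUL-terminated).
 * Returns the number of characters written, or 0 if out is too small. */
static size_t octets_to_hex(struct octets o, char *out, size_t outsz) {
    static const char digits[] = "0123456789abcdef";
    if (outsz == 0 || o.len > (outsz - 1) / 2) return 0;
    for (size_t i = 0; i < o.len; i++) {
        out[2 * i]     = digits[o.buf[i] >> 4];
        out[2 * i + 1] = digits[o.buf[i] & 0x0f];
    }
    out[o.len * 2] = '\0';
    return o.len * 2;
}

int main(void) {
    struct octets a = { KEY_A, sizeof KEY_A }, b = { KEY_B, sizeof KEY_B };
    char hex[2 * sizeof KEY_A + 1];
    printf("strlen view: %zu of %zu bytes\n", len_as_cstring(a), a.len);
    printf("strcmp equal: %d, memcmp equal: %d\n",
           equal_as_cstring(a, b), equal_octets(a, b));
    if (octets_to_hex(a, hex, sizeof hex)) printf("a = 0x%s\n", hex);
    return 0;
}
```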


