strlcpy() implementations typically scan for the end of the source argument passed to strlcpy(). Hence avoid passing an unterminated string to strlcpy().
Reported-by: Stuart Henderson <s...@spacehopper.org> Fixes: 7f05daa8e0e0 ("CHANGES: BUG: 3444939: BUG: 1796886: snmplib: Avoid that sprint_realloc_octet_string() embeds unprintable control characters or binary zeroes in its output. This behavior could cause truncated output in snmptrapd.") --- snmplib/mib.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/snmplib/mib.c b/snmplib/mib.c index a16144065029..1c875c06464f 100644 --- a/snmplib/mib.c +++ b/snmplib/mib.c @@ -585,9 +585,10 @@ sprint_realloc_octet_string(u_char ** buf, size_t * buf_len, return 0; } if (memchr(cp, '\0', cnt) == NULL) { - /* No embedded '\0' - use strlcpy() to preserve UTF-8 */ - strlcpy((char *)(*buf + *out_len), (char *)cp, cnt + 1); + /* No embedded '\0' - use memcpy() to preserve UTF-8 */ + memcpy(*buf + *out_len, cp, cnt); *out_len += cnt; + *(*buf + *out_len) = '\0'; } else if (!sprint_realloc_asciistring(buf, buf_len, out_len, allow_realloc, cp, cnt)) { return 0; -- 2.16.3 ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders