On Sat, May 19, 2018 at 02:07:56PM -0700, Bart Van Assche wrote:
> strlcpy() implementations typically scan for the end of the source argument
> passed to strlcpy(). Hence avoid passing an unterminated string to strlcpy().
> 
> Reported-by: Stuart Henderson <s...@spacehopper.org>
> Fixes: 7f05daa8e0e0 ("CHANGES: BUG: 3444939: BUG: 1796886: snmplib: Avoid 
> that sprint_realloc_octet_string() embeds unprintable control characters or 
> binary zeroes in its output. This behavior could cause truncated output in 
> snmptrapd.")
> ---
>  snmplib/mib.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/snmplib/mib.c b/snmplib/mib.c
> index a16144065029..1c875c06464f 100644
> --- a/snmplib/mib.c
> +++ b/snmplib/mib.c
> @@ -585,9 +585,10 @@ sprint_realloc_octet_string(u_char ** buf, size_t * 
> buf_len,
>                              return 0;
>                      }
>                      if (memchr(cp, '\0', cnt) == NULL) {
> -                        /* No embedded '\0' - use strlcpy() to preserve 
> UTF-8 */
> -                        strlcpy((char *)(*buf + *out_len), (char *)cp, cnt + 
> 1);
> +                        /* No embedded '\0' - use memcpy() to preserve UTF-8 
> */

The comment does not make any sense - what have UTF-8 got to do with this?

Anyway, I went and looked on the spec for the 't' display hint in rfc2579
ยง3.1 and it explicitly states that unterminated utf-8 characters at the end
of an t encoded octet string are to be discarded.

Looking at the code surrounding this chunk seems to suggest that some TLC for
the 't' display hint could be useful.

> +                        memcpy(*buf + *out_len, cp, cnt);

In any case I have to admit that the functional part of the patch (use memcpy
rather than strlcpy to copy possibly not null terminated data) is good so
+1 for this part

/MF

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Reply via email to