Author: truckman
Date: Mon May 16 23:00:48 2016
New Revision: 299986
URL: https://svnweb.freebsd.org/changeset/base/299986
Log:
Actually use the loop interation limit so carefully computed on the
previous line to prevent buffer overflow. This turns out to not be
important because the upstream xdr code already capped the object
size at the proper value. Using the correct limit here looks a lot
less scary and should please Coverity.
Reported by: Coverity
CID: 1199309, 1199310
MFC after: 1 week
Modified:
head/usr.sbin/rpc.lockd/lock_proc.c
Modified: head/usr.sbin/rpc.lockd/lock_proc.c
==============================================================================
--- head/usr.sbin/rpc.lockd/lock_proc.c Mon May 16 22:57:36 2016
(r299985)
+++ head/usr.sbin/rpc.lockd/lock_proc.c Mon May 16 23:00:48 2016
(r299986)
@@ -112,7 +112,7 @@ log_netobj(netobj *obj)
}
/* Prevent the security hazard from the buffer overflow */
maxlen = (obj->n_len < MAX_NETOBJ_SZ ? obj->n_len : MAX_NETOBJ_SZ);
- for (i=0, tmp1 = objvalbuffer, tmp2 = objascbuffer; i < obj->n_len;
+ for (i=0, tmp1 = objvalbuffer, tmp2 = objascbuffer; i < maxlen;
i++, tmp1 +=2, tmp2 +=1) {
sprintf(tmp1,"%02X",*(obj->n_bytes+i));
sprintf(tmp2,"%c",*(obj->n_bytes+i));
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
