On Mon, Jun 27, 2022 at 12:11:42PM +0200, Martijn van Duren wrote:
> When registering a region in appl_region (through appl_register) we
> fill oidbuf with strlcat, but we don't start from a clean state and
> might have garbage prepended.
>
> This oidbuf is only used on error-conditions, so it's unlikely to
> trigger with the current code. Diff below properly initializes it.
>
> OK?
ok tb
The regionbuf[] has the same issue, so you should treat it the same way
after the overlap: label.
>
> martijn@
>
> Index: application.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/snmpd/application.c,v
> retrieving revision 1.3
> diff -u -p -r1.3 application.c
> --- application.c 22 Feb 2022 15:59:13 -0000 1.3
> +++ application.c 27 Jun 2022 10:10:37 -0000
> @@ -224,6 +224,7 @@ appl_region(struct appl_context *ctx, ui
> goto overlap;
>
> /* Don't use smi_oid2string, because appl_register can't use it */
> + oidbuf[0] = '\0';
> for (i = 0; i < oid->bo_n; i++) {
> if (i != 0)
> strlcat(oidbuf, ".", sizeof(oidbuf));
>
