On Mon, Jun 27, 2022 at 12:11:42PM +0200, Martijn van Duren wrote: > When registering a region in appl_region (through appl_register) we > fill oidbuf with strlcat, but we don't start from a clean state and > might have garbage prepended. > > This oidbuf is only used on error-conditions, so it's unlikely to > trigger with the current code. Diff below properly initializes it. > > OK?
ok tb The regionbuf[] has the same issue, so you should treat it the same way after the overlap: label. > > martijn@ > > Index: application.c > =================================================================== > RCS file: /cvs/src/usr.sbin/snmpd/application.c,v > retrieving revision 1.3 > diff -u -p -r1.3 application.c > --- application.c 22 Feb 2022 15:59:13 -0000 1.3 > +++ application.c 27 Jun 2022 10:10:37 -0000 > @@ -224,6 +224,7 @@ appl_region(struct appl_context *ctx, ui > goto overlap; > > /* Don't use smi_oid2string, because appl_register can't use it */ > + oidbuf[0] = '\0'; > for (i = 0; i < oid->bo_n; i++) { > if (i != 0) > strlcat(oidbuf, ".", sizeof(oidbuf)); >