openbsd/src
1
0
Fork 0
mirror of https://github.com/openbsd/src.git synced 2026-06-18 15:23:33 +02:00
Code Activity

Include the padding length when testing the remaining bytes in an octet

Browse Source 
string, to prevent a size_t underflow on a malformed packet and make us run
into infinity.

Same diff as for snmpd
This commit is contained in:
martijn
2026-05-07 14:51:20 +00:00
parent d8525c0ee8
commit 3699ef323c
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/libagentx/ax.c
+2 -2
View File
@@ -1,4 +1,4 @@
/* $OpenBSD: ax.c,v 1.11 2025/09/08 08:43:39 jsg Exp $ */
/* $OpenBSD: ax.c,v 1.12 2026/05/07 14:51:20 martijn Exp $ */
/*
* Copyright (c) 2019 Martijn van Duren <martijn@openbsd.org>
*
@@ -1286,7 +1286,7 @@ ax_pdutoostring(struct ax_pdu_header *header,
ostring->aos_slen = ax_pdutoh32(header, buf);
rawlen -= 4;
buf += 4;
if (ostring->aos_slen > rawlen)
if (((ostring->aos_slen + 3) & ~3U) > rawlen)
goto fail;
if ((ostring->aos_string = malloc(ostring->aos_slen + 1)) == NULL)
return -1;