Module Name: src
Committed By: plunky
Date: Tue Jun 4 06:24:58 UTC 2024
Modified Files:
src/usr.sbin/btpand: btpand.c
Log Message:
Fix off-by-one bug in btpand
`ul` reaches `__arraycount(services)` before the bound-check happens, causing
undefined behaviour.
from Dapeng Gao <dg...@cam.ac.uk> via FreeBSD
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/usr.sbin/btpand/btpand.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/btpand/btpand.c
diff -u src/usr.sbin/btpand/btpand.c:1.8 src/usr.sbin/btpand/btpand.c:1.9
--- src/usr.sbin/btpand/btpand.c:1.8 Wed May 18 13:56:32 2022
+++ src/usr.sbin/btpand/btpand.c Tue Jun 4 06:24:58 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: btpand.c,v 1.8 2022/05/18 13:56:32 andvar Exp $ */
+/* $NetBSD: btpand.c,v 1.9 2024/06/04 06:24:58 plunky Exp $ */
/*-
* Copyright (c) 2008-2009 Iain Hibbert
@@ -27,7 +27,7 @@
#include <sys/cdefs.h>
__COPYRIGHT("@(#) Copyright (c) 2008-2009 Iain Hibbert. All rights reserved.");
-__RCSID("$NetBSD: btpand.c,v 1.8 2022/05/18 13:56:32 andvar Exp $");
+__RCSID("$NetBSD: btpand.c,v 1.9 2024/06/04 06:24:58 plunky Exp $");
#include <sys/wait.h>
@@ -155,11 +155,14 @@ main(int argc, char *argv[])
case 's': /* service */
case 'S': /* service (no SDP) */
- for (ul = 0; strcasecmp(optarg, services[ul].type); ul++) {
- if (ul == __arraycount(services))
- errx(EXIT_FAILURE, "%s: unknown service", optarg);
+ for (ul = 0; ul < __arraycount(services); ul++) {
+ if (strcasecmp(optarg, services[ul].type) == 0)
+ break;
}
+ if (ul == __arraycount(services))
+ errx(EXIT_FAILURE, "%s: unknown service", optarg);
+
if (ch == 's') {
service_type = services[ul].type;
service_name = services[ul].name;
