On 2023-08-29 14:23, Theo Buehler wrote:
+ if (string[strlen(string) - 1] == '.')
+ buf[strlen(string) - 1] = '\0';
Careful with out-of-bounds accesses. What if string is "" ? Probably
easiest to do "len = strlen(string);" and if (len > 0 && ...).
Good catch!
Does this look better:
Index: sbin/sysctl/sysctl.c
===================================================================
RCS file: /cvs/src/sbin/sysctl/sysctl.c,v
retrieving revision 1.259
diff -u -p -u -r1.259 sysctl.c
--- sbin/sysctl/sysctl.c 17 May 2023 22:12:51 -0000 1.259
+++ sbin/sysctl/sysctl.c 29 Aug 2023 21:36:19 -0000
@@ -377,6 +377,9 @@ parse(char *string, int flags)
(void)strlcpy(buf, string, sizeof(buf));
bufp = buf;
+ len = strlen(string);
+ if (len > 0 && string[len - 1] == '.')
+ buf[len - 1] = '\0';
if ((cp = strchr(string, '=')) != NULL) {
*strchr(buf, '=') = '\0';
*cp++ = '\0';
