From 1c6718c9e640f01a022c20c6f7fe907a4acd87c3 Mon Sep 17 00:00:00 2001 From: millert Date: Thu, 15 Dec 2022 19:36:45 +0000 Subject: [PATCH] priv_validgroup: do not read more than IF_NAMESIZE chars of name Store the length locally instead of computing it multiple times. OK dv@, previous version OK deraadt@ --- usr.sbin/vmd/priv.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/usr.sbin/vmd/priv.c b/usr.sbin/vmd/priv.c index 860aac3f5f7..1732140eaea 100644 --- a/usr.sbin/vmd/priv.c +++ b/usr.sbin/vmd/priv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: priv.c,v 1.20 2022/12/15 16:01:40 dv Exp $ */ +/* $OpenBSD: priv.c,v 1.21 2022/12/15 19:36:45 millert Exp $ */ /* * Copyright (c) 2016 Reyk Floeter @@ -316,10 +316,12 @@ priv_findname(const char *name, const char **names) int priv_validgroup(const char *name) { - if (strlen(name) >= IF_NAMESIZE) + const size_t len = strnlen(name, IF_NAMESIZE); + + if (len == IF_NAMESIZE) return (-1); /* Group can not end with a digit */ - if (name[0] && isdigit((unsigned char)name[strlen(name) - 1])) + if (len > 0 && isdigit((unsigned char)name[len - 1])) return (-1); return (0); } -- 2.20.1