Mailing List Archive

From:: Claudio Jeker <cjeker@diehard.n-r-g.com>
Subject:: bgpd: tohex handle len = 0 gracefully
To:: tech@openbsd.org
Date:: Tue, 4 Nov 2025 15:20:58 +0100

Download raw body.

Thread

2025-11-04 14:20 Claudio Jeker:
bgpd: tohex handle len = 0 gracefully
- 2025-11-04 14:34 Theo Buehler:
  bgpd: tohex handle len = 0 gracefully

If tohex is called with len = 0 then the code will write '\0' to
out[-1] which is bad. Right now tohex() is never called with len == 0
but lets make this more obvious.

Fixes CID 492344
-- 
:wq Claudio

Index: logmsg.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/logmsg.c,v
diff -u -p -r1.17 logmsg.c
--- logmsg.c	30 Oct 2025 12:43:18 -0000	1.17
+++ logmsg.c	4 Nov 2025 14:18:45 -0000
@@ -135,6 +135,8 @@ tohex(const unsigned char *in, size_t le
 	static char out[(16 + 1) * 3];
 	size_t i, o = 0;
 
+	if (len == 0)
+		return "";
 	if (len > 16)
 		len = 16;
 	for (i = 0; i < len; i++) {
@@ -269,9 +271,8 @@ log_notification(const struct peer *peer
 			size_t len = sizeof(buf);
 			if (ibuf_size(&ibuf) < len)
 				len = ibuf_size(&ibuf);
-			if (ibuf_get(&ibuf, buf, len) == -1) {
+			if (ibuf_get(&ibuf, buf, len) == -1)
 				break;
-			}
 			logit(LOG_INFO, "   %5zu: %s", off, tohex(buf, len));
 			off += len;
 		}

2025-11-04 14:20 Claudio Jeker:
bgpd: tohex handle len = 0 gracefully
- 2025-11-04 14:34 Theo Buehler:
  bgpd: tohex handle len = 0 gracefully