[PATCH] fix cid 1350009

Uri Simchoni uri at samba.org
Wed Feb 3 12:57:21 UTC 2016


I think we do unnecessarily cut the device name, see for example:
http://lxr.free-electrons.com/source/net/core/dev.c#L723

But even if we stay with the decision to cut device name (so that we 
don't have to look it up in kernel source..), the cutting is incorrect - 
it's one past array boundary!

Thanks,
Uri.

On 02/03/2016 02:41 PM, Volker Lendecke wrote:
> On Wed, Feb 03, 2016 at 11:43:07AM +0100, Michael Adam wrote:
>> Review/push appreciated.
>>
>> Thanks - Michael
>>  From 267367964c957af33c8dded90bb61c009ed29039 Mon Sep 17 00:00:00 2001
>> From: Michael Adam <obnox at samba.org>
>> Date: Wed, 3 Feb 2016 11:41:23 +0100
>> Subject: [PATCH] lib:socket: fix CID 1350009 - illegal memory accesses
>>   (BUFFER_SIZE_WARNING)
>>
>> Signed-off-by: Michael Adam <obnox at samba.org>
>> ---
>>   lib/socket/interfaces.c | 3 ++-
>>   1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/lib/socket/interfaces.c b/lib/socket/interfaces.c
>> index f0386c0..c1229f2 100644
>> --- a/lib/socket/interfaces.c
>> +++ b/lib/socket/interfaces.c
>> @@ -140,7 +140,8 @@ static void query_iface_speed_from_name(const char *name, uint64_t *speed)
>>   		return;
>>   	}
>>   
>> -	strncpy(ifr.ifr_name, name, IF_NAMESIZE);
>> +	strncpy(ifr.ifr_name, name, IF_NAMESIZE - 1);
>> +	ifr.ifr_name[IF_NAMESIZE] = '\0';
> I saw this one, but I was not sure about the expectation of
> ioctl(SIOCETHTOOL). Don't we unnecessarily cut the interface name
> here?
>
> Volker
>




More information about the samba-technical mailing list