[PATCH] fix cid 1350009
Uri Simchoni
uri at samba.org
Wed Feb 3 12:57:21 UTC 2016
I think we do unnecessarily cut the device name, see for example:
http://lxr.free-electrons.com/source/net/core/dev.c#L723
But even if we stay with the decision to cut device name (so that we
don't have to look it up in kernel source..), the cutting is incorrect -
it's one past array boundary!
Thanks,
Uri.
On 02/03/2016 02:41 PM, Volker Lendecke wrote:
> On Wed, Feb 03, 2016 at 11:43:07AM +0100, Michael Adam wrote:
>> Review/push appreciated.
>>
>> Thanks - Michael
>> From 267367964c957af33c8dded90bb61c009ed29039 Mon Sep 17 00:00:00 2001
>> From: Michael Adam <obnox at samba.org>
>> Date: Wed, 3 Feb 2016 11:41:23 +0100
>> Subject: [PATCH] lib:socket: fix CID 1350009 - illegal memory accesses
>> (BUFFER_SIZE_WARNING)
>>
>> Signed-off-by: Michael Adam <obnox at samba.org>
>> ---
>> lib/socket/interfaces.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/lib/socket/interfaces.c b/lib/socket/interfaces.c
>> index f0386c0..c1229f2 100644
>> --- a/lib/socket/interfaces.c
>> +++ b/lib/socket/interfaces.c
>> @@ -140,7 +140,8 @@ static void query_iface_speed_from_name(const char *name, uint64_t *speed)
>> return;
>> }
>>
>> - strncpy(ifr.ifr_name, name, IF_NAMESIZE);
>> + strncpy(ifr.ifr_name, name, IF_NAMESIZE - 1);
>> + ifr.ifr_name[IF_NAMESIZE] = '\0';
> I saw this one, but I was not sure about the expectation of
> ioctl(SIOCETHTOOL). Don't we unnecessarily cut the interface name
> here?
>
> Volker
>
More information about the samba-technical
mailing list