[PATCH] fix cid 1350009

Michael Adam obnox at samba.org
Wed Feb 3 13:04:31 UTC 2016 

On 2016-02-03 at 13:41 +0100, Volker Lendecke wrote:
> On Wed, Feb 03, 2016 at 11:43:07AM +0100, Michael Adam wrote:
> > Review/push appreciated.
> > 
> > Thanks - Michael
> 
> > From 267367964c957af33c8dded90bb61c009ed29039 Mon Sep 17 00:00:00 2001
> > From: Michael Adam <obnox at samba.org>
> > Date: Wed, 3 Feb 2016 11:41:23 +0100
> > Subject: [PATCH] lib:socket: fix CID 1350009 - illegal memory accesses 
> >  (BUFFER_SIZE_WARNING)
> > 
> > Signed-off-by: Michael Adam <obnox at samba.org>
> > ---
> >  lib/socket/interfaces.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/lib/socket/interfaces.c b/lib/socket/interfaces.c
> > index f0386c0..c1229f2 100644
> > --- a/lib/socket/interfaces.c
> > +++ b/lib/socket/interfaces.c
> > @@ -140,7 +140,8 @@ static void query_iface_speed_from_name(const char *name, uint64_t *speed)
> >  		return;
> >  	}
> >  
> > -	strncpy(ifr.ifr_name, name, IF_NAMESIZE);
> > +	strncpy(ifr.ifr_name, name, IF_NAMESIZE - 1);
> > +	ifr.ifr_name[IF_NAMESIZE] = '\0';
> 
> I saw this one, but I was not sure about the expectation of
> ioctl(SIOCETHTOOL). Don't we unnecessarily cut the interface name
> here?

Right. I am not 100% certain either.
There are a couple of other occurrences, e.g. in
ctdb/common/system_linux.c , in that case for use
with SIOCGIFINDEX:

	strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name));

which effectively has the same effect.

but also

	strncpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name)-1);

and

	strncpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name));

So that is at least inconsistent.

The ethtool code hast this:

	if (strlen(ctx.devname) >= IFNAMSIZ)
		exit_bad_args();

So it expects interface name to be < IF_NAMESIZE.
Should we rather throw an error in the case the IF
name is longer?

Thanks for your input,

Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160203/f34005b3/signature.sig>

More information about the samba-technical mailing list