[PATCH] fix cid 1350009

Michael Adam obnox at samba.org
Mon Feb 8 23:07:29 UTC 2016


On 2016-02-03 at 14:04 +0100, Michael Adam wrote:
> On 2016-02-03 at 13:41 +0100, Volker Lendecke wrote:
> > On Wed, Feb 03, 2016 at 11:43:07AM +0100, Michael Adam wrote:
> > > Review/push appreciated.
> > >  
> > > -	strncpy(ifr.ifr_name, name, IF_NAMESIZE);
> > > +	strncpy(ifr.ifr_name, name, IF_NAMESIZE - 1);
> > > +	ifr.ifr_name[IF_NAMESIZE] = '\0';
> > 
> > I saw this one, but I was not sure about the expectation of
> > ioctl(SIOCETHTOOL). Don't we unnecessarily cut the interface name
> > here?
> 
> Right. I am not 100% certain either.
> 
> The ethtool code has this:
> 
> 	if (strlen(ctx.devname) >= IFNAMSIZ)
> 		exit_bad_args();
> 
> So it expects interface name to be < IF_NAMESIZE.
> Should we rather throw an error in the case the IF
> name is longer?

After a discussion with Günther, I rewrote it this
way. Patch attached.

Thanks - Michael
-------------- next part --------------
From 30bd30ebfaabeaa332a7be2abed876a01044fc04 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Wed, 3 Feb 2016 11:41:23 +0100
Subject: [PATCH] lib:socket: fix CID 1350009 - illegal memory accesses 
 (BUFFER_SIZE_WARNING)

Pair-Programmed-With: Guenther Deschner <gd at samba.org>

Signed-off-by: Michael Adam <obnox at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
---
 lib/socket/interfaces.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/socket/interfaces.c b/lib/socket/interfaces.c
index cf094f0..847fa62 100644
--- a/lib/socket/interfaces.c
+++ b/lib/socket/interfaces.c
@@ -140,6 +140,11 @@ static void query_iface_speed_from_name(const char *name, uint64_t *speed)
 		return;
 	}
 
+	if (strlen(name) >= IF_NAMESIZE) {
+		DBG_ERR("Interface name too long.");
+		goto done;
+	}
+
 	strncpy(ifr.ifr_name, name, IF_NAMESIZE);
 
 	ifr.ifr_data = (void *)&edata;
-- 
2.5.0

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160209/258c1ee5/signature.sig>


More information about the samba-technical mailing list