[PATCH] fix cid 1350009

Michael Adam obnox at samba.org
Wed Feb 10 06:32:09 UTC 2016


Hi Volker and Uri,

is the updated patch better?

Thanks - Michael


On 2016-02-09 at 00:07 +0100, Michael Adam wrote:
> On 2016-02-03 at 14:04 +0100, Michael Adam wrote:
> > On 2016-02-03 at 13:41 +0100, Volker Lendecke wrote:
> > > On Wed, Feb 03, 2016 at 11:43:07AM +0100, Michael Adam wrote:
> > > > Review/push appreciated.
> > > >  
> > > > -	strncpy(ifr.ifr_name, name, IF_NAMESIZE);
> > > > +	strncpy(ifr.ifr_name, name, IF_NAMESIZE - 1);
> > > > +	ifr.ifr_name[IF_NAMESIZE] = '\0';
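Review bot: the added terminator `ifr.ifr_name[IF_NAMESIZE] = '\0';` indexes one element past the region the strncpy above is bounded to. If ifr_name holds IF_NAMESIZE bytes, as the original strncpy bound suggests, this store lands outside the array. Use index `IF_NAMESIZE - 1`, which is the last byte the shortened copy can leave unterminated.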
> > > 
> > > I saw this one, but I was not sure about the expectation of
> > > ioctl(SIOCETHTOOL). Don't we unnecessarily cut the interface name
> > > here?
> > 
> > Right. I am not 100% certain either.
> > 
> > The ethtool code has this:
> > 
> > 	if (strlen(ctx.devname) >= IFNAMSIZ)
> > 		exit_bad_args();
> > 
> > So it expects interface name to be < IF_NAMESIZE.
> > Should we rather throw an error in the case the IF
> > name is longer?
> 
> After a discussion with Günther, I rewrote it this
> way. Patch attached.
> 
> Thanks - Michael

> From 30bd30ebfaabeaa332a7be2abed876a01044fc04 Mon Sep 17 00:00:00 2001
> From: Michael Adam <obnox at samba.org>
> Date: Wed, 3 Feb 2016 11:41:23 +0100
> Subject: [PATCH] lib:socket: fix CID 1350009 - illegal memory accesses 
>  (BUFFER_SIZE_WARNING)
> 
> Pair-Programmed-With: Guenther Deschner <gd at samba.org>
> 
> Signed-off-by: Michael Adam <obnox at samba.org>
> Signed-off-by: Guenther Deschner <gd at samba.org>
> ---
>  lib/socket/interfaces.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/lib/socket/interfaces.c b/lib/socket/interfaces.c
> index cf094f0..847fa62 100644
> --- a/lib/socket/interfaces.c
> +++ b/lib/socket/interfaces.c
> @@ -140,6 +140,11 @@ static void query_iface_speed_from_name(const char *name, uint64_t *speed)
>  		return;
>  	}
>  
> +	if (strlen(name) >= IF_NAMESIZE) {
> +		DBG_ERR("Interface name too long.");
> +		goto done;
> +	}
> +
>  	strncpy(ifr.ifr_name, name, IF_NAMESIZE);
>  
>  	ifr.ifr_data = (void *)&edata;
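Review bot: the DBG_ERR message in the new length check does not name the rejected interface and has no trailing newline, so the log entry cannot be tied to a specific name. Consider `DBG_ERR("Interface name too long: %s\n", name);`. Past the check, strlen(name) < IF_NAMESIZE holds, so the unchanged `strncpy(ifr.ifr_name, name, IF_NAMESIZE);` always copies the terminating NUL. A one-line comment saying so would document why the bound was left as is.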
> -- 
> 2.5.0
> 


