[PATCH] fix cid 1350009

Uri Simchoni uri at samba.org
Wed Feb 10 07:46:03 UTC 2016


It's better, but having carefully looked at it now, I think you also 
want to set speed to 0 on all failure paths, or report failure to caller 
and let it intelligently deal with it.

Thanks,
Uri.

On 02/10/2016 08:32 AM, Michael Adam wrote:
> Hi Volker and Uri,
>
> is the updated patch better?
>
> Thanks - Michael
>
>
> On 2016-02-09 at 00:07 +0100, Michael Adam wrote:
>> On 2016-02-03 at 14:04 +0100, Michael Adam wrote:
>>> On 2016-02-03 at 13:41 +0100, Volker Lendecke wrote:
>>>> On Wed, Feb 03, 2016 at 11:43:07AM +0100, Michael Adam wrote:
>>>>> Review/push appreciated.
>>>>>   
>>>>> -	strncpy(ifr.ifr_name, name, IF_NAMESIZE);
>>>>> +	strncpy(ifr.ifr_name, name, IF_NAMESIZE - 1);
>>>>> +	ifr.ifr_name[IF_NAMESIZE] = '\0';
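Review bot: the added `ifr.ifr_name[IF_NAMESIZE] = '\0';` line puts the terminator one index past the region the strncpy above it is bounded to. With the copy limited to IF_NAMESIZE - 1 bytes, the terminator belongs at index IF_NAMESIZE - 1; if ifr_name holds IF_NAMESIZE bytes, index IF_NAMESIZE is an out-of-bounds write. Suggest `ifr.ifr_name[IF_NAMESIZE - 1] = '\0';`. Note also that this variant silently truncates a too-long name rather than rejecting it.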
>>>> I saw this one, but I was not sure about the expectation of
>>>> ioctl(SIOCETHTOOL). Don't we unnecessarily cut the interface name
>>>> here?
>>> Right. I am not 100% certain either.
>>>
>>> The ethtool code has this:
>>>
>>> 	if (strlen(ctx.devname) >= IFNAMSIZ)
>>> 		exit_bad_args();
>>>
>>> So it expects interface name to be < IF_NAMESIZE.
>>> Should we rather throw an error in the case the IF
>>> name is longer?
>> After a discussion with Günther, I rewrote it this
>> way. Patch attached.
>>
>> Thanks - Michael
>>  From 30bd30ebfaabeaa332a7be2abed876a01044fc04 Mon Sep 17 00:00:00 2001
>> From: Michael Adam <obnox at samba.org>
>> Date: Wed, 3 Feb 2016 11:41:23 +0100
>> Subject: [PATCH] lib:socket: fix CID 1350009 - illegal memory accesses
>>   (BUFFER_SIZE_WARNING)
>>
>> Pair-Programmed-With: Guenther Deschner <gd at samba.org>
>>
>> Signed-off-by: Michael Adam <obnox at samba.org>
>> Signed-off-by: Guenther Deschner <gd at samba.org>
>> ---
>>   lib/socket/interfaces.c | 5 +++++
>>   1 file changed, 5 insertions(+)
>>
>> diff --git a/lib/socket/interfaces.c b/lib/socket/interfaces.c
>> index cf094f0..847fa62 100644
>> --- a/lib/socket/interfaces.c
>> +++ b/lib/socket/interfaces.c
>> @@ -140,6 +140,11 @@ static void query_iface_speed_from_name(const char *name, uint64_t *speed)
>>   		return;
>>   	}
>>   
>> +	if (strlen(name) >= IF_NAMESIZE) {
>> +		DBG_ERR("Interface name too long.");
>> +		goto done;
>> +	}
>> +
>>   	strncpy(ifr.ifr_name, name, IF_NAMESIZE);
>>   
>>   	ifr.ifr_data = (void *)&edata;
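Review bot: the new too-long-name branch jumps to `done` without assigning `*speed`, so the caller of query_iface_speed_from_name() cannot tell this failure from a successful query and is left with whatever value the variable held before the call. Set `*speed = 0` before the `goto done;`, or change the function to return an error. Two smaller points on the same branch: the DBG_ERR string has no trailing newline and does not include the offending name, and with the length check in place the unchanged `strncpy(ifr.ifr_name, name, IF_NAMESIZE);` always copies the terminator, which deserves a short comment so the bound is not "fixed" again later.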
>> -- 
>> 2.5.0
>>
>
>



