[3.5.y.z,extended,stable] Patch "packet: packet_getname_spkt: make sure string is always" has been added to staging queue

Message ID 1372061962-5476-1-git-send-email-luis.henriques@canonical.com
State New
Headers show

Commit Message

Luis Henriques June 24, 2013, 8:19 a.m.
This is a note to let you know that I have just added a patch titled

    packet: packet_getname_spkt: make sure string is always

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:


If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see



From df0b0db3cfe28e2d719e0fb6414f8113a191dbb6 Mon Sep 17 00:00:00 2001
From: Daniel Borkmann <dborkman@redhat.com>
Date: Wed, 12 Jun 2013 16:02:27 +0200
Subject: [PATCH] packet: packet_getname_spkt: make sure string is always

commit 2dc85bf323515e59e15dfa858d1472bb25cad0fe upstream.

uaddr->sa_data is exactly of size 14, which is hard-coded here and
passed as a size argument to strncpy(). A device name can be of size
IFNAMSIZ (== 16), meaning we might leave the destination string
unterminated. Thus, use strlcpy() and also sizeof() while we're
at it. We need to memset the data area beforehand, since strlcpy
does not padd the remaining buffer with zeroes for user space, so
that we do not possibly leak anything.

Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
 net/packet/af_packet.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)



diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 4137d01..1522b93 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -2854,12 +2854,11 @@  static int packet_getname_spkt(struct socket *sock, struct sockaddr *uaddr,
 		return -EOPNOTSUPP;

 	uaddr->sa_family = AF_PACKET;
+	memset(uaddr->sa_data, 0, sizeof(uaddr->sa_data));
 	dev = dev_get_by_index_rcu(sock_net(sk), pkt_sk(sk)->ifindex);
 	if (dev)
-		strncpy(uaddr->sa_data, dev->name, 14);
-	else
-		memset(uaddr->sa_data, 0, 14);
+		strlcpy(uaddr->sa_data, dev->name, sizeof(uaddr->sa_data));
 	*uaddr_len = sizeof(*uaddr);