[hurd,commited] hurd: Fix buffer overrun in __if_nametoindex

Message ID 20180403160818.4652-1-samuel.thibault@ens-lyon.org
State New
Headers show
Series
  • [hurd,commited] hurd: Fix buffer overrun in __if_nametoindex
Related show

Commit Message

Samuel Thibault April 3, 2018, 4:08 p.m.
and building with mainline GCC which reports it.

	* sysdeps/mach/hurd/if_index.c (__if_nametoindex): Always end
	ifr.fr_name with a NUL caracter.
---
 ChangeLog                    | 5 +++++
 sysdeps/mach/hurd/if_index.c | 4 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)

Comments

Joseph Myers April 3, 2018, 7:27 p.m. | #1
On Tue, 3 Apr 2018, Samuel Thibault wrote:

> and building with mainline GCC which reports it.
> 
> 	* sysdeps/mach/hurd/if_index.c (__if_nametoindex): Always end
> 	ifr.fr_name with a NUL caracter.

Are you sure this truncation is correct?  The conclusion we reached for 
the Linux version was to check for a too-big length and return an ENODEV 
error in that case, instead.

Patch

diff --git a/ChangeLog b/ChangeLog
index 36b022cb35..28fa4a5e69 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@ 
+2018-04-03  Samuel Thibault  <samuel.thibault@ens-lyon.org>
+
+	* sysdeps/mach/hurd/if_index.c (__if_nametoindex): Always end
+	ifr.fr_name with a NUL caracter.
+
 2018-04-03  Wilco Dijkstra  <wdijkstr@arm.com>
 
 	* sysdeps/ieee754/dbl-64/s_sin.c (__sin): Cleanup ifdefs.
diff --git a/sysdeps/mach/hurd/if_index.c b/sysdeps/mach/hurd/if_index.c
index d637353d74..7f647b7036 100644
--- a/sysdeps/mach/hurd/if_index.c
+++ b/sysdeps/mach/hurd/if_index.c
@@ -37,7 +37,9 @@  __if_nametoindex (const char *ifname)
   if (fd < 0)
     return 0;
 
-  strncpy (ifr.ifr_name, ifname, IFNAMSIZ);
+  strncpy (ifr.ifr_name, ifname, IFNAMSIZ - 1);
+  ifr.ifr_name[IFNAMESIZ - 1] = '\0';
+
   if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
     {
       int saved_errno = errno;