Message ID | 20180403160818.4652-1-samuel.thibault@ens-lyon.org |
---|---|
State | New |
Headers | show |
Series | [hurd,commited] hurd: Fix buffer overrun in __if_nametoindex | expand |
On Tue, 3 Apr 2018, Samuel Thibault wrote: > and building with mainline GCC which reports it. > > * sysdeps/mach/hurd/if_index.c (__if_nametoindex): Always end > ifr.fr_name with a NUL caracter. Are you sure this truncation is correct? The conclusion we reached for the Linux version was to check for a too-big length and return an ENODEV error in that case, instead.
diff --git a/ChangeLog b/ChangeLog index 36b022cb35..28fa4a5e69 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2018-04-03 Samuel Thibault <samuel.thibault@ens-lyon.org> + + * sysdeps/mach/hurd/if_index.c (__if_nametoindex): Always end + ifr.fr_name with a NUL caracter. + 2018-04-03 Wilco Dijkstra <wdijkstr@arm.com> * sysdeps/ieee754/dbl-64/s_sin.c (__sin): Cleanup ifdefs. diff --git a/sysdeps/mach/hurd/if_index.c b/sysdeps/mach/hurd/if_index.c index d637353d74..7f647b7036 100644 --- a/sysdeps/mach/hurd/if_index.c +++ b/sysdeps/mach/hurd/if_index.c @@ -37,7 +37,9 @@ __if_nametoindex (const char *ifname) if (fd < 0) return 0; - strncpy (ifr.ifr_name, ifname, IFNAMSIZ); + strncpy (ifr.ifr_name, ifname, IFNAMSIZ - 1); + ifr.ifr_name[IFNAMESIZ - 1] = '\0'; + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) { int saved_errno = errno;