| Message ID | 1449545195-18195-2-git-send-email-trini@konsulko.com |
|---|---|
| State | Accepted |
| Commit | ab971e192adcf0a501c8998542ab116512c0c260 |
| Delegated to: | Simon Glass |
| Headers | show |
On 7 December 2015 at 20:26, Tom Rini <trini@konsulko.com> wrote: > Coverity notes that we do not ensure when we copy ifname we still have > space left to ensure NULL termination. As cannot control the size of > ifr_name we must make sure that our argument will not overflow the > buffer. > > Reported-by: Coverity (CID 131094) > Cc: Simon Glass <sjg@chromium.org> > Signed-off-by: Tom Rini <trini@konsulko.com> > --- > arch/sandbox/cpu/eth-raw-os.c | 4 ++++ > 1 file changed, 4 insertions(+) Reviewed-by: Simon Glass <sjg@chromium.org>
Applied to u-boot-dm/next.
diff --git a/arch/sandbox/cpu/eth-raw-os.c b/arch/sandbox/cpu/eth-raw-os.c index b76a731..528865f 100644 --- a/arch/sandbox/cpu/eth-raw-os.c +++ b/arch/sandbox/cpu/eth-raw-os.c @@ -76,6 +76,10 @@ static int _raw_packet_start(const char *ifname, unsigned char *ethmac, printf("Failed to set promiscuous mode: %d %s\n" "Falling back to the old \"flags\" way...\n", errno, strerror(errno)); + if (strlen(ifname) >= IFNAMSIZ) { + printf("Interface name %s is too long.\n", ifname); + return -EINVAL; + } strncpy(ifr.ifr_name, ifname, IFNAMSIZ); if (ioctl(priv->sd, SIOCGIFFLAGS, &ifr) < 0) { printf("Failed to read flags: %d %s\n", errno,
Coverity notes that we do not ensure when we copy ifname we still have space left to ensure NULL termination. As cannot control the size of ifr_name we must make sure that our argument will not overflow the buffer. Reported-by: Coverity (CID 131094) Cc: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com> --- arch/sandbox/cpu/eth-raw-os.c | 4 ++++ 1 file changed, 4 insertions(+)