This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[hurd,commited] hurd: Fix buffer overrun in __if_nametoindex
- From: Samuel Thibault <samuel dot thibault at ens-lyon dot org>
- To: libc-alpha at sourceware dot org
- Cc: Samuel Thibault <samuel dot thibault at ens-lyon dot org>
- Date: Tue, 3 Apr 2018 18:08:18 +0200
- Subject: [hurd,commited] hurd: Fix buffer overrun in __if_nametoindex
and building with mainline GCC which reports it.
* sysdeps/mach/hurd/if_index.c (__if_nametoindex): Always end
ifr.fr_name with a NUL caracter.
---
ChangeLog | 5 +++++
sysdeps/mach/hurd/if_index.c | 4 +++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 36b022cb35..28fa4a5e69 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2018-04-03 Samuel Thibault <samuel.thibault@ens-lyon.org>
+
+ * sysdeps/mach/hurd/if_index.c (__if_nametoindex): Always end
+ ifr.fr_name with a NUL caracter.
+
2018-04-03 Wilco Dijkstra <wdijkstr@arm.com>
* sysdeps/ieee754/dbl-64/s_sin.c (__sin): Cleanup ifdefs.
diff --git a/sysdeps/mach/hurd/if_index.c b/sysdeps/mach/hurd/if_index.c
index d637353d74..7f647b7036 100644
--- a/sysdeps/mach/hurd/if_index.c
+++ b/sysdeps/mach/hurd/if_index.c
@@ -37,7 +37,9 @@ __if_nametoindex (const char *ifname)
if (fd < 0)
return 0;
- strncpy (ifr.ifr_name, ifname, IFNAMSIZ);
+ strncpy (ifr.ifr_name, ifname, IFNAMSIZ - 1);
+ ifr.ifr_name[IFNAMESIZ - 1] = '\0';
+
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{
int saved_errno = errno;
--
2.16.2