This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[PATCH] fix strncpy overflow in sysdeps/unix/sysv/linux/if_index.c


When compiling glibc with gcc-8, the strncpy() call in
__if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c gets flagged
for a possible string overflow.  I believe the following patch fixes
it.

Jason


--- sysdeps/unix/sysv/linux/if_index.c.orig     2018-02-20
07:35:09.835359401 -0500
+++ sysdeps/unix/sysv/linux/if_index.c  2018-02-20 07:51:45.919075043 -0500
@@ -43,7 +43,8 @@
   if (fd < 0)
     return 0;

-  strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
+  strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name) - 1);
+  ifr.ifr_name[strlen (ifname) - 1] = '\0';
   if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
     {
       int saved_errno = errno;


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]