This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] fix strncpy overflow in sysdeps/unix/sysv/linux/if_index.c


I was trying to build 2.26 under Debian.  I could've sworn I checked
the upstream master first before submitting this.  I must've looked in
the wrong place -- sorry for the noise.

Jason

On Tue, Feb 20, 2018 at 8:26 AM, Florian Weimer <fweimer@redhat.com> wrote:
> On 02/20/2018 01:57 PM, Jason Duerstock wrote:
>>
>> When compiling glibc with gcc-8, the strncpy() call in
>> __if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c gets flagged
>> for a possible string overflow.  I believe the following patch fixes
>> it.
>>
>> Jason
>>
>>
>> --- sysdeps/unix/sysv/linux/if_index.c.orig     2018-02-20
>> 07:35:09.835359401 -0500
>> +++ sysdeps/unix/sysv/linux/if_index.c  2018-02-20 07:51:45.919075043
>> -0500
>> @@ -43,7 +43,8 @@
>>     if (fd < 0)
>>       return 0;
>>
>> -  strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
>> +  strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name) - 1);
>> +  ifr.ifr_name[strlen (ifname) - 1] = '\0';
>>     if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
>>       {
>>         int saved_errno = errno;
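Review bot: the terminator on the added line `ifr.ifr_name[strlen (ifname) - 1] = '\0';` is indexed by the length of the source string, not the size of the destination. For a name that fits, it overwrites the last character of the name; for an empty ifname the index wraps around to SIZE_MAX; and for an ifname longer than sizeof (ifr.ifr_name) it writes past the end of ifr.ifr_name, which is a new out-of-bounds write. If truncation is intended, terminate with `ifr.ifr_name[sizeof (ifr.ifr_name) - 1] = '\0';`. A better option is to reject any ifname whose length is at least sizeof (ifr.ifr_name) before the copy, since a silently truncated name can resolve to a different interface than the one the caller asked for.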
>
>
> Which sources are you looking at?
>
> I believe this is bug 22442, and we fixed it in:
>
> commit 2180fee114b778515b3f560e5ff1e795282e60b0
> Author: Steve Ellcey <sellcey@caviumnetworks.com>
> Date:   Wed Nov 15 08:58:48 2017 -0800
>
>     Check length of ifname before copying it into to ifreq structure.
>
> Thanks,
> Florian

