From 265e8a9acccfc1b6f90f9654c03d297f3ed2d150 Mon Sep 17 00:00:00 2001 From: Andrew Thompson Date: Thu, 4 Oct 2007 09:45:41 +0000 Subject: [PATCH] Fix the module name matching to the drivers present in the kernel. Previously it would return true on a partial match where it would think the edsc module was already present by having a positive match on 'ed'. This changes it so that it compares the full string including the nul terminators. This also fixes a buffer overflow in the ifkind variable where the length of the interface name in *argv wasnt checked for size. Reviewed by: brooks Approved by: re (gnn) --- sbin/ifconfig/ifconfig.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c index 153147c3ac82..3ea1b31fdf4d 100644 --- a/sbin/ifconfig/ifconfig.c +++ b/sbin/ifconfig/ifconfig.c @@ -895,21 +895,28 @@ printb(const char *s, unsigned v, const char *bits) void ifmaybeload(const char *name) { +#define MOD_PREFIX_LEN 3 /* "if_" */ struct module_stat mstat; int fileid, modid; - char ifkind[35], *dp; + char ifkind[IFNAMSIZ + MOD_PREFIX_LEN], ifname[IFNAMSIZ], *dp; const char *cp; /* loading suppressed by the user */ if (noload) return; + /* trim the interface number off the end */ + strlcpy(ifname, name, sizeof(ifname)); + for (dp = ifname; *dp != 0; dp++) + if (isdigit(*dp)) { + *dp = 0; + break; + } + /* turn interface and unit into module name */ strcpy(ifkind, "if_"); - for (cp = name, dp = ifkind + 3; - (*cp != 0) && !isdigit(*cp); cp++, dp++) - *dp = *cp; - *dp = 0; + strlcpy(ifkind + MOD_PREFIX_LEN, ifname, + sizeof(ifkind) - MOD_PREFIX_LEN); /* scan files in kernel */ mstat.version = sizeof(struct module_stat); 
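Review bot: The return value of `strlcpy(ifname, name, sizeof(ifname))` is discarded, so an interface name of IFNAMSIZ or more characters is silently truncated instead of rejected. The overflow is closed, but the shortened string is what the "already loaded?" comparison in the next hunk sees, and presumably whatever module load follows outside the visible lines, so a truncated name could be treated as a different driver; `if (strlcpy(ifname, name, sizeof(ifname)) >= sizeof(ifname)) return;` makes the failure explicit. In the trim loop, `isdigit(*dp)` is passed a plain `char`, which is undefined behaviour for negative values; since the commit message says the name comes from *argv, `isdigit((unsigned char)*dp)` is the safe form. The body of ifmaybeload() continues past the end of this hunk.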
@@ -926,8 +933,8 @@ ifmaybeload(const char *name)
 cp = mstat.name;
 }
 /* already loaded? */
- if (strncmp(name, cp, strlen(cp)) == 0 ||
- strncmp(ifkind, cp, strlen(cp)) == 0)
+ if (strncmp(ifname, cp, strlen(ifname) + 1) == 0 ||
+ strncmp(ifkind, cp, strlen(ifkind) + 1) == 0)
 return;
 }
 }
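Review bot: The `strlen(...) + 1` bound in the two new `strncmp()` calls is what makes this an exact match, and nothing in the code says so; a later cleanup could drop the `+ 1` and bring the prefix match back. A comment above the test would record the intent, for example `/* length + 1 compares the terminating NUL too, so "ed" does not match "edsc" */`. Keeping `strncmp` with this bound rather than switching to `strcmp` also limits how far `cp` is read, which is worth mentioning in the same comment. The enclosing loop and the start of ifmaybeload() are outside this hunk.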