MIB-II: use strlcpy when copying interface names to .ifr_name
.ifra_name is assumed to be NUL terminated; using strlcpy(3) ensures that it's indeed NUL terminated whereas strncpy does not. Tested and verified as follows with a combination of ifconfig, snmpget, and snmpset: % ifconfig create lo1 127.0.0.2/8 % SNMPARGS="-v 3 -n '' -u bsnmp -A bsnmptest -l authPriv -a sha -x des -X bsnmptest localhost" % snmpget $SNMPARGS IF-MIB::ifAdminStatus.4 IF-MIB::ifAdminStatus.4 = INTEGER: up(1) % snmpset $SNMPARGS IF-MIB::ifAdminStatus.4 i 2 IF-MIB::ifAdminStatus.4 = INTEGER: down(2) % snmpget $SNMPARGS IF-MIB::ifAdminStatus.4 IF-MIB::ifAdminStatus.4 = INTEGER: down(2) % snmpset $SNMPARGS IF-MIB::ifAdminStatus.4 i 1 IF-MIB::ifAdminStatus.4 = INTEGER: up(1) % snmpget $SNMPARGS IF-MIB::ifAdminStatus.4 IF-MIB::ifAdminStatus.4 = INTEGER: up(1) MFC after: 2 weeks Reported by: Coverity CID: 1009652-1009656, 1349850
This commit is contained in:
parent
1e5211d238
commit
02ff676c4d
@ -265,7 +265,7 @@ mib_if_admin(struct mibif *ifp, int up)
|
||||
{
|
||||
struct ifreq ifr;
|
||||
|
||||
strncpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
|
||||
strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
|
||||
if (ioctl(mib_netsock, SIOCGIFFLAGS, &ifr) == -1) {
|
||||
syslog(LOG_ERR, "SIOCGIFFLAGS(%s): %m", ifp->name);
|
||||
return (-1);
|
||||
@ -515,7 +515,7 @@ mib_fetch_ifmib(struct mibif *ifp)
|
||||
}
|
||||
|
||||
out:
|
||||
strncpy(irr.ifr_name, ifp->name, sizeof(irr.ifr_name));
|
||||
strlcpy(irr.ifr_name, ifp->name, sizeof(irr.ifr_name));
|
||||
irr.ifr_buffer.buffer = MIBIF_PRIV(ifp)->alias;
|
||||
irr.ifr_buffer.length = sizeof(MIBIF_PRIV(ifp)->alias);
|
||||
if (ioctl(mib_netsock, SIOCGIFDESCR, &irr) == -1) {
|
||||
@ -1384,7 +1384,7 @@ siocaifaddr(char *ifname, struct in_addr addr, struct in_addr mask,
|
||||
struct sockaddr_in *sa;
|
||||
|
||||
memset(&addreq, 0, sizeof(addreq));
|
||||
strncpy(addreq.ifra_name, ifname, sizeof(addreq.ifra_name));
|
||||
strlcpy(addreq.ifra_name, ifname, sizeof(addreq.ifra_name));
|
||||
|
||||
sa = (struct sockaddr_in *)(void *)&addreq.ifra_addr;
|
||||
sa->sin_family = AF_INET;
|
||||
@ -1414,7 +1414,7 @@ siocdifaddr(const char *ifname, struct in_addr addr)
|
||||
struct sockaddr_in *sa;
|
||||
|
||||
memset(&delreq, 0, sizeof(delreq));
|
||||
strncpy(delreq.ifr_name, ifname, sizeof(delreq.ifr_name));
|
||||
strlcpy(delreq.ifr_name, ifname, sizeof(delreq.ifr_name));
|
||||
sa = (struct sockaddr_in *)(void *)&delreq.ifr_addr;
|
||||
sa->sin_family = AF_INET;
|
||||
sa->sin_len = sizeof(*sa);
|
||||
@ -1433,7 +1433,7 @@ verify_ifa(const char *name, struct mibifa *ifa)
|
||||
struct sockaddr_in *sa;
|
||||
|
||||
memset(&req, 0, sizeof(req));
|
||||
strncpy(req.ifr_name, name, sizeof(req.ifr_name));
|
||||
strlcpy(req.ifr_name, name, sizeof(req.ifr_name));
|
||||
sa = (struct sockaddr_in *)(void *)&req.ifr_addr;
|
||||
sa->sin_family = AF_INET;
|
||||
sa->sin_len = sizeof(*sa);
|
||||
|
@ -77,7 +77,7 @@ ifchange_func(struct snmp_context *ctx __unused, struct snmp_dependency *dep,
|
||||
switch (op) {
|
||||
|
||||
case SNMP_DEPOP_COMMIT:
|
||||
strncpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
|
||||
strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
|
||||
if (ioctl(mib_netsock, SIOCGIFFLAGS, &ifr) == -1) {
|
||||
syslog(LOG_ERR, "GIFFLAGS(%s): %m", ifp->name);
|
||||
return (SNMP_ERR_GENERR);
|
||||
@ -95,7 +95,7 @@ ifchange_func(struct snmp_context *ctx __unused, struct snmp_dependency *dep,
|
||||
ifc->rb |= IFRB_FLAGS;
|
||||
}
|
||||
if (ifc->rb & IFRB_FLAGS) {
|
||||
strncpy(ifr1.ifr_name, ifp->name, sizeof(ifr1.ifr_name));
|
||||
strlcpy(ifr1.ifr_name, ifp->name, sizeof(ifr1.ifr_name));
|
||||
if (ioctl(mib_netsock, SIOCGIFFLAGS, &ifr1) == -1) {
|
||||
syslog(LOG_ERR, "GIFFLAGS(%s): %m", ifp->name);
|
||||
return (SNMP_ERR_GENERR);
|
||||
@ -116,7 +116,7 @@ ifchange_func(struct snmp_context *ctx __unused, struct snmp_dependency *dep,
|
||||
|
||||
case SNMP_DEPOP_ROLLBACK:
|
||||
if (ifc->rb & IFRB_FLAGS) {
|
||||
strncpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
|
||||
strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
|
||||
ifr.ifr_flags = ifc->rb_flags;
|
||||
if (ioctl(mib_netsock, SIOCSIFFLAGS, &ifr) == -1) {
|
||||
syslog(LOG_ERR, "SIFFLAGS(%s): %m", ifp->name);
|
||||
|
Loading…
Reference in New Issue
Block a user