MIB-II: use strlcpy when copying interface names to .ifr_name

.ifra_name is assumed to be NUL terminated; using strlcpy(3)
ensures that it's indeed NUL terminated whereas strncpy does
not.

Tested and verified as follows with a combination of ifconfig,
snmpget, and snmpset:

  % ifconfig create lo1 127.0.0.2/8
  % SNMPARGS="-v 3 -n '' -u bsnmp -A bsnmptest -l authPriv -a sha -x des -X bsnmptest localhost"
  % snmpget $SNMPARGS IF-MIB::ifAdminStatus.4
  IF-MIB::ifAdminStatus.4 = INTEGER: up(1)
  % snmpset $SNMPARGS IF-MIB::ifAdminStatus.4 i 2
  IF-MIB::ifAdminStatus.4 = INTEGER: down(2)
  % snmpget $SNMPARGS IF-MIB::ifAdminStatus.4
  IF-MIB::ifAdminStatus.4 = INTEGER: down(2)
  % snmpset $SNMPARGS IF-MIB::ifAdminStatus.4 i 1
  IF-MIB::ifAdminStatus.4 = INTEGER: up(1)
  % snmpget $SNMPARGS IF-MIB::ifAdminStatus.4
  IF-MIB::ifAdminStatus.4 = INTEGER: up(1)

MFC after:	2 weeks
Reported by:	Coverity
CID:		1009652-1009656, 1349850
This commit is contained in:
Enji Cooper 2016-12-31 11:50:36 +00:00
parent 1e5211d238
commit 02ff676c4d
2 changed files with 8 additions and 8 deletions

View File

@ -265,7 +265,7 @@ mib_if_admin(struct mibif *ifp, int up)
{
struct ifreq ifr;
strncpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
if (ioctl(mib_netsock, SIOCGIFFLAGS, &ifr) == -1) {
syslog(LOG_ERR, "SIOCGIFFLAGS(%s): %m", ifp->name);
return (-1);
@ -515,7 +515,7 @@ mib_fetch_ifmib(struct mibif *ifp)
}
out:
strncpy(irr.ifr_name, ifp->name, sizeof(irr.ifr_name));
strlcpy(irr.ifr_name, ifp->name, sizeof(irr.ifr_name));
irr.ifr_buffer.buffer = MIBIF_PRIV(ifp)->alias;
irr.ifr_buffer.length = sizeof(MIBIF_PRIV(ifp)->alias);
if (ioctl(mib_netsock, SIOCGIFDESCR, &irr) == -1) {
@ -1384,7 +1384,7 @@ siocaifaddr(char *ifname, struct in_addr addr, struct in_addr mask,
struct sockaddr_in *sa;
memset(&addreq, 0, sizeof(addreq));
strncpy(addreq.ifra_name, ifname, sizeof(addreq.ifra_name));
strlcpy(addreq.ifra_name, ifname, sizeof(addreq.ifra_name));
sa = (struct sockaddr_in *)(void *)&addreq.ifra_addr;
sa->sin_family = AF_INET;
@ -1414,7 +1414,7 @@ siocdifaddr(const char *ifname, struct in_addr addr)
struct sockaddr_in *sa;
memset(&delreq, 0, sizeof(delreq));
strncpy(delreq.ifr_name, ifname, sizeof(delreq.ifr_name));
strlcpy(delreq.ifr_name, ifname, sizeof(delreq.ifr_name));
sa = (struct sockaddr_in *)(void *)&delreq.ifr_addr;
sa->sin_family = AF_INET;
sa->sin_len = sizeof(*sa);
@ -1433,7 +1433,7 @@ verify_ifa(const char *name, struct mibifa *ifa)
struct sockaddr_in *sa;
memset(&req, 0, sizeof(req));
strncpy(req.ifr_name, name, sizeof(req.ifr_name));
strlcpy(req.ifr_name, name, sizeof(req.ifr_name));
sa = (struct sockaddr_in *)(void *)&req.ifr_addr;
sa->sin_family = AF_INET;
sa->sin_len = sizeof(*sa);

View File

@ -77,7 +77,7 @@ ifchange_func(struct snmp_context *ctx __unused, struct snmp_dependency *dep,
switch (op) {
case SNMP_DEPOP_COMMIT:
strncpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
if (ioctl(mib_netsock, SIOCGIFFLAGS, &ifr) == -1) {
syslog(LOG_ERR, "GIFFLAGS(%s): %m", ifp->name);
return (SNMP_ERR_GENERR);
@ -95,7 +95,7 @@ ifchange_func(struct snmp_context *ctx __unused, struct snmp_dependency *dep,
ifc->rb |= IFRB_FLAGS;
}
if (ifc->rb & IFRB_FLAGS) {
strncpy(ifr1.ifr_name, ifp->name, sizeof(ifr1.ifr_name));
strlcpy(ifr1.ifr_name, ifp->name, sizeof(ifr1.ifr_name));
if (ioctl(mib_netsock, SIOCGIFFLAGS, &ifr1) == -1) {
syslog(LOG_ERR, "GIFFLAGS(%s): %m", ifp->name);
return (SNMP_ERR_GENERR);
@ -116,7 +116,7 @@ ifchange_func(struct snmp_context *ctx __unused, struct snmp_dependency *dep,
case SNMP_DEPOP_ROLLBACK:
if (ifc->rb & IFRB_FLAGS) {
strncpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
strlcpy(ifr.ifr_name, ifp->name, sizeof(ifr.ifr_name));
ifr.ifr_flags = ifc->rb_flags;
if (ioctl(mib_netsock, SIOCSIFFLAGS, &ifr) == -1) {
syslog(LOG_ERR, "SIFFLAGS(%s): %m", ifp->name);