Use IFNAMSIZ instead of a magic value for the length of an interface

name. Prevent the kernel from potentially overflowing the interface name variable. The size argument of strlcpy is complex because the name is not null-terminated in sdl_data.
2004-01-27 01:43:14 +00:00 · 2004-01-27 01:43:14 +00:00 · 280fcfee01
commit 280fcfee01
parent def0705074
2 changed files with 5 additions and 4 deletions
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@ -113,7 +113,7 @@ struct	in6_aliasreq	in6_addreq =
 struct	sockaddr_in	netmask;
 struct	netrange	at_nr;		/* AppleTalk net range */

-char	name[32];
+char	name[IFNAMSIZ];
 int	flags;
 int	setaddr;
 int	setipdst;
@ -596,8 +596,9 @@ main(int argc, char *argv[])
 			addrcount++;
 			next += nextifm->ifm_msglen;
 		}
-		strncpy(name, sdl->sdl_data, sdl->sdl_nlen);
-		name[sdl->sdl_nlen] = '\0';
+		strlcpy(name, sdl->sdl_data,
+		    sizeof(name) <= sdl->sdl_nlen ?
+		    sizeof(name) : sdl->sdl_nlen + 1);

 		if (all || namesonly) {
 			if (uponly)
--- a/sbin/ifconfig/ifconfig.h
+++ b/sbin/ifconfig/ifconfig.h
@ -36,7 +36,7 @@

 extern struct ifreq ifr;

-extern char name[32];	/* name of interface */
+extern char name[IFNAMSIZ];	/* name of interface */
 extern int allmedia;
 extern int supmedia;
 struct afswtch;