truncate not overflow ifname (was Re: [vblade] Obtain interface MTU on FreeBSD (6c36062))

I mentioned that it would be nice to check the amount copied in
the new FreeBSD getmtu implementation.  I got this feedback:

On 2014-05-20 10:10, Catalin Salgau wrote:
...
While I understand your concern regarding strcpy, I believe it
shouldn't be included in this patch. The code is modelled against the
linux.c equivalent, and that uses strcpy. I propose you accept it
using legacy functions and overhaul all uses of unsafe functions in a
separate commit.

The changes in the attached patch are also in a staging branch here:

  https://github.com/ecashin/vblade/compare/master...staging

The patch changes the places where we copy the ethernet interface
name (which comes from the CLI args) into a buffer.  Before, it
could overflow the buffer.  With these changes, it silently truncates
the interface name instead.

It has gotten so hard to find email clients that are good at sending
patches, much less sending them without MIME, that I'm ready to give
up.  If someone feels strongly about it, please chime in.  Otherwise,
please let me know if you have any trouble viewing or applying the
attached patch.

Catalin Salgau, if you get a chance to try this patch on FreeBSD,
please let us know how it works.

--
  Ed Cashin <ed.cashin@xxxxxxx>
diff --git a/freebsd.c b/freebsd.c
index 9e36062..6b657c0 100644
--- a/freebsd.c
+++ b/freebsd.c
@@ -270,7 +270,7 @@ getmtu(int fd, char *name)
 		return 1500;
 	}
 	xx.ifr_addr.sa_family = AF_INET;
-	strcpy(xx.ifr_name, name);
+	snprintf(xx.ifr_name, sizeof xx.ifr_name, "%s", name);
 	n = ioctl(s,SIOCGIFMTU, &xx);
 	if (n == -1) {
 		perror("Can't get mtu");
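Review bot: the return value of the snprintf call added in getmtu is discarded, so an over-long name reaches the SIOCGIFMTU ioctl already shortened and any failure is reported only as "Can't get mtu", with nothing saying the name was cut. Compare the snprintf result against sizeof xx.ifr_name and print a distinct message naming the rejected interface before calling ioctl.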
diff --git a/linux.c b/linux.c
index 11aa2e7..a8fb3c7 100644
--- a/linux.c
+++ b/linux.c
@@ -78,7 +78,7 @@ getindx(int s, char *name)	// return the index of device 'name'
 	struct ifreq xx;
 	int n;
 
-	strcpy(xx.ifr_name, name);
+	snprintf(xx.ifr_name, sizeof xx.ifr_name, "%s", name);
 	n = ioctl(s, SIOCGIFINDEX, &xx);
 	if (n == -1)
 		return -1;
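Review bot: in getindx a truncated name is more than cosmetic, because the shortened string is what SIOCGIFINDEX looks up; if that prefix happens to name another existing interface, the ioctl succeeds and the caller gets the index of a device the user did not ask for. Since this function already returns -1 on failure, return -1 here as well when snprintf reports that the name did not fit in xx.ifr_name.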
@@ -91,7 +91,7 @@ getea(int s, char *name, uchar *ea)
 	struct ifreq xx;
 	int n;
 
-        strcpy(xx.ifr_name, name);
+        snprintf(xx.ifr_name, sizeof xx.ifr_name, "%s", name);
 	n = ioctl(s, SIOCGIFHWADDR, &xx);
 	if (n == -1) {
 		perror("Can't get hw addr");
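Review bot: style point on the replaced line in getea: it keeps the eight-space indentation of the old strcpy line while the neighbouring lines are indented with a tab. Since the line is being rewritten anyway, switch it to a tab so the function is consistent.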
@@ -107,7 +107,7 @@ getmtu(int s, char *name)
 	struct ifreq xx;
 	int n;
 
-	strcpy(xx.ifr_name, name);
+	snprintf(xx.ifr_name, sizeof xx.ifr_name, "%s", name);
 	n = ioctl(s, SIOCGIFMTU, &xx);
 	if (n == -1) {
 		perror("Can't get mtu");
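Review bot: with this hunk the same snprintf(xx.ifr_name, sizeof xx.ifr_name, "%s", name) line appears three times in linux.c and once in freebsd.c. Consider a small shared helper that fills ifr_name and returns an error on truncation, so the length check and its error message live in one place and every caller gets them.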
_______________________________________________
Aoetools-discuss mailing list
Aoetools-discuss@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/aoetools-discuss
