authorReyk Floeter <reyk@cvs.openbsd.org>2016-02-05 11:26:27 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2016-02-05 11:26:27 +0000
commit2e9d74fac9361a749231e714e5b003c102dfd18d (patch)
tree2a1cebf0d3c0e1d4ec3b5b860161e0a2fc2fcdef
parent60bcac65ef6f91e18690176faa44f38f5f0fb007 (diff)
rtadvd used a strncpy with a src interface name from the command line
without checking its length. Replace it with strlcpy, check for truncation and move the check before using the user-specified interface name. While here, replace another strncpy of an interface name with memset-zero + strlcpy and check for truncation in if_getmtu() (should not happen as we validated the length before, but it's better to be safe and generally a better practice). OK jsg@
-rw-r--r--usr.sbin/rtadvd/config.c8
-rw-r--r--usr.sbin/rtadvd/if.c8
2 files changed, 11 insertions, 5 deletions
diff --git a/usr.sbin/rtadvd/config.c b/usr.sbin/rtadvd/config.c
index 0989d18fc16..2105d507868 100644
--- a/usr.sbin/rtadvd/config.c
+++ b/usr.sbin/rtadvd/config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: config.c,v 1.46 2016/01/25 05:00:12 jca Exp $ */
+/* $OpenBSD: config.c,v 1.47 2016/02/05 11:26:26 reyk Exp $ */
/* $KAME: config.c,v 1.62 2002/05/29 10:13:10 itojun Exp $ */
/*
@@ -119,6 +119,11 @@ getconfig(char *intface)
exit(1);
}
+ /* make sure that the user-specified interface name fits */
+ if (strlcpy(tmp->ifname, intface,
+ sizeof(tmp->ifname)) >= sizeof(tmp->ifname))
+ fatalx("invalid interface name");
+
/* get interface information */
if (agetflag("nolladdr"))
tmp->advlinkopt = 0;
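Review bot: The comment above the new strlcpy() check says what is tested but not why an over-long name is refused rather than truncated. A cut-off copy could end up naming a different, shorter-named interface, so the reason is worth recording, e.g. `/* reject over-long names: a truncated copy could refer to another interface */`. The check bounds only the length, so an empty string still passes here; whether that is rejected later is not visible in this hunk. getconfig() begins and ends outside the hunk.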
@@ -132,7 +137,6 @@ getconfig(char *intface)
tmp->ifindex = tmp->sdl->sdl_index;
} else
tmp->ifindex = if_nametoindex(intface);
- strncpy(tmp->ifname, intface, sizeof(tmp->ifname));
if ((tmp->phymtu = if_getmtu(intface)) == 0) {
tmp->phymtu = IPV6_MMTU;
log_warn("can't get interface mtu of %s. Treat as %d",
diff --git a/usr.sbin/rtadvd/if.c b/usr.sbin/rtadvd/if.c
index 0b68beebffe..25295ee5865 100644
--- a/usr.sbin/rtadvd/if.c
+++ b/usr.sbin/rtadvd/if.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if.c,v 1.35 2015/12/11 20:15:52 mmcc Exp $ */
+/* $OpenBSD: if.c,v 1.36 2016/02/05 11:26:26 reyk Exp $ */
/* $KAME: if.c,v 1.17 2001/01/21 15:27:30 itojun Exp $ */
/*
@@ -137,9 +137,11 @@ if_getmtu(char *name)
if ((s = socket(AF_INET6, SOCK_DGRAM, 0)) < 0)
return(0);
+ memset(&ifr, 0, sizeof(ifr));
ifr.ifr_addr.sa_family = AF_INET6;
- strncpy(ifr.ifr_name, name,
- sizeof(ifr.ifr_name));
+ if (strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)) >=
+ sizeof(ifr.ifr_name))
+ fatalx("strlcpy");
if (ioctl(s, SIOCGIFMTU, (caddr_t)&ifr) < 0) {
close(s);
return(0);
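Review bot: `fatalx("strlcpy")` gives an operator no indication of what failed or where; a message such as `fatalx("if_getmtu: interface name too long");` would identify the cause. This branch also terminates the process, whereas the socket() and ioctl() failures visible in the hunk return 0, so any caller that passes a name not length-checked beforehand (none is visible here) would hit a hard exit instead of the error return. If termination is intended, a short comment would make that clear, e.g. `/* should not happen: the name was length-checked in getconfig() */`. if_getmtu() begins and ends outside the hunk.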