From: Daniel Wagner <[email protected]>

ifr_name is a null terminated buffer, therefore we should
only copy IFNAMSIZ - 1 characters.

While we are at it, we also use sizeof() consistently.

Reported by coverity.
---
 src/6to4.c |  8 ++++----
 src/inet.c | 10 +++++-----
 src/rtnl.c |  2 +-
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/6to4.c b/src/6to4.c
index ea4d7f8..463d2da 100644
--- a/src/6to4.c
+++ b/src/6to4.c
@@ -77,9 +77,9 @@ static int tunnel_create(struct in_addr *addr)
        p.iph.protocol = IPPROTO_IPV6;
        p.iph.saddr = addr->s_addr;
        p.iph.ttl = 64;
-       strncpy(p.name, "tun6to4", IFNAMSIZ);
+       strncpy(p.name, "tun6to4", sizeof(p.name) - 1);
 
-       strncpy(ifr.ifr_name, "sit0", IFNAMSIZ);
+       strncpy(ifr.ifr_name, "sit0", sizeof(ifr.ifr_name) - 1);
        ifr.ifr_ifru.ifru_data = (void *)&p;
        fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
        ret = ioctl(fd, SIOCADDTUNNEL, &ifr);
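Review bot: The descriptor returned by `socket()` is handed to `ioctl(fd, SIOCADDTUNNEL, &ifr)` on the very next line without a check, whereas tunnel_destroy in the next hunk tests `if (fd < 0)` before using it. A guard such as `if (fd < 0) return -errno;` ahead of the ioctl would keep the two functions consistent and report the real failure instead of an EBADF from the ioctl. tunnel_create continues past the end of this hunk, so any later handling of `ret` and `fd` is not visible here.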
@@ -109,9 +109,9 @@ static void tunnel_destroy(void)
        p.iph.version = 4;
        p.iph.ihl = 5;
        p.iph.protocol = IPPROTO_IPV6;
-       strncpy(p.name, "tun6to4", IFNAMSIZ);
+       strncpy(p.name, "tun6to4", sizeof(p.name) - 1);
 
-       strncpy(ifr.ifr_name, "tun6to4", IFNAMSIZ);
+       strncpy(ifr.ifr_name, "tun6to4", sizeof(ifr.ifr_name) - 1);
        ifr.ifr_ifru.ifru_data = (void *)&p;
        fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
        if (fd < 0) {
diff --git a/src/inet.c b/src/inet.c
index 8f204b7..ae81ab3 100644
--- a/src/inet.c
+++ b/src/inet.c
@@ -203,7 +203,7 @@ int connman_inet_ifindex(const char *name)
                return -1;
 
        memset(&ifr, 0, sizeof(ifr));
-       strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
+       strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name) - 1);
 
        err = ioctl(sk, SIOCGIFINDEX, &ifr);
 
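Review bot: A `name` longer than `sizeof(ifr.ifr_name) - 1` bytes is silently truncated before `ioctl(sk, SIOCGIFINDEX, &ifr)`, so the lookup can succeed for a different interface whose name equals that prefix. Rejecting the input instead, with `if (strlen(name) >= sizeof(ifr.ifr_name)) return -1;` placed before the socket is opened (outside this hunk, so `sk` is not leaked), avoids acting on the wrong device. The same silent truncation applies to the `bridge`, `tunnel` and `ifname` copies in connman_inet_remove_from_bridge, connman_inet_add_to_bridge, connman_inet_setup_tunnel and wext_interface; whether their callers already bound the length is not visible in this patch. Termination of the copied name depends on the `memset(&ifr, 0, sizeof(ifr))` just above, which is worth stating in a comment: `/* last byte stays 0 from memset */`.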
@@ -336,7 +336,7 @@ int connman_inet_ifdown(int index)
        }
 
        memset(&addr_ifr, 0, sizeof(addr_ifr));
-       memcpy(&addr_ifr.ifr_name, &ifr.ifr_name, sizeof(ifr.ifr_name));
+       memcpy(&addr_ifr.ifr_name, &ifr.ifr_name, sizeof(ifr.ifr_name) - 1);
        addr = (struct sockaddr_in *)&addr_ifr.ifr_addr;
        addr->sin_family = AF_INET;
        if (ioctl(sk, SIOCSIFADDR, &addr_ifr) < 0)
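Review bot: The length in `memcpy(&addr_ifr.ifr_name, &ifr.ifr_name, sizeof(ifr.ifr_name) - 1)` is taken from the source field rather than from the buffer being written. Both appear to be ifreq name fields, so the sizes match today, but sizing by the destination keeps the bound tied to the write: `memcpy(addr_ifr.ifr_name, ifr.ifr_name, sizeof(addr_ifr.ifr_name) - 1);`. The `- 1` is only meaningful because the preceding memset leaves the final byte zero, which a one-line comment such as `/* last byte stays 0 from memset above */` would make explicit. connman_inet_ifdown starts and ends outside this hunk.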
@@ -1106,7 +1106,7 @@ int connman_inet_remove_from_bridge(int index, const char *bridge)
        }
 
        memset(&ifr, 0, sizeof(ifr));
-       strncpy(ifr.ifr_name, bridge, IFNAMSIZ - 1);
+       strncpy(ifr.ifr_name, bridge, sizeof(ifr.ifr_name) - 1);
        ifr.ifr_ifindex = index;
 
        if (ioctl(sk, SIOCBRDELIF, &ifr) < 0)
@@ -1137,7 +1137,7 @@ int connman_inet_add_to_bridge(int index, const char *bridge)
        }
 
        memset(&ifr, 0, sizeof(ifr));
-       strncpy(ifr.ifr_name, bridge, IFNAMSIZ - 1);
+       strncpy(ifr.ifr_name, bridge, sizeof(ifr.ifr_name) - 1);
        ifr.ifr_ifindex = index;
 
        if (ioctl(sk, SIOCBRADDIF, &ifr) < 0)
@@ -1196,7 +1196,7 @@ int connman_inet_setup_tunnel(char *tunnel, int mtu)
                goto done;
 
        memset(&ifr, 0, sizeof(ifr));
-       strncpy(ifr.ifr_name, tunnel, IFNAMSIZ);
+       strncpy(ifr.ifr_name, tunnel, sizeof(ifr.ifr_name) - 1);
        err = ioctl(sk, SIOCGIFFLAGS, &ifr);
        if (err)
                goto done;
diff --git a/src/rtnl.c b/src/rtnl.c
index 80a6edc..6b89c48 100644
--- a/src/rtnl.c
+++ b/src/rtnl.c
@@ -104,7 +104,7 @@ static bool wext_interface(char *ifname)
                return false;
 
        memset(&wrq, 0, sizeof(wrq));
-       strncpy(wrq.ifr_name, ifname, IFNAMSIZ);
+       strncpy(wrq.ifr_name, ifname, sizeof(wrq.ifr_name) - 1);
 
        err = ioctl(fd, SIOCGIWNAME, &wrq);
 
-- 
1.8.4.474.g128a96c
