The ifr.ifr_name is passed around and assumed to be NULL terminated.
Signed-off-by: David S. Miller <da...@davemloft.net>
---
net/core/dev_ioctl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
index 7657ad6bc13d..06b147d7d9e2 100644
--- a/net/core/dev_ioctl.c
+++ b/net/core/dev_ioctl.c
@@ -28,6 +28,7 @@ static int dev_ifname(struct net *net, struct ifreq __user
*arg)
if (copy_from_user(&ifr, arg, sizeof(struct ifreq)))
return -EFAULT;
+ ifr.ifr_name[IFNAMSIZ-1] = 0;
error = netdev_get_name(net, ifr.ifr_name, ifr.ifr_ifindex);
if (error)
--
2.13.3
