We supply number of bytes available in @alias via @len
parameter to dev_set_alias() which is not the same
as zero terminated string length that can be shorter.
Both dev_set_alias() users (rtnetlink and sysfs) can
submit number of bytes up to IFALIASZ with actual string
length slightly shorter by putting '\0' not at @len - 1.
Use strnlen() to get length of zero terminated string
and not access beyond @len. Correct comment about @len
and explain how to unset alias (i.e. use zero for @len).
Signed-off-by: Serhey Popovych <serhe.popov...@gmail.com>
---
net/core/dev.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index b0eee49..d362fe6 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1243,7 +1243,7 @@ int dev_change_name(struct net_device *dev, const char
*newname)
* dev_set_alias - change ifalias of a device
* @dev: device
* @alias: name up to IFALIASZ
- * @len: limit of bytes to copy from info
+ * @len: number of bytes available in @alias, zero to unset current alias
*
* Set ifalias for a device,
*/
@@ -1255,6 +1255,8 @@ int dev_set_alias(struct net_device *dev, const char
*alias, size_t len)
return -EINVAL;
if (len) {
+ len = strnlen(alias, len);
+
new_alias = kmalloc(sizeof(*new_alias) + len + 1, GFP_KERNEL);
if (!new_alias)
return -ENOMEM;
--
1.8.3.1
