On 12/6/12 1:18 AM, Frank Meerkötter wrote:
@@ -345,7 +345,7 @@ int system_bridge_delif(struct device *bridge, struct device *dev)
  static int system_if_resolve(struct device *dev)
  {
        struct ifreq ifr;
-       strncpy(ifr.ifr_name, dev->ifname, sizeof(ifr.ifr_name));
+       strncpy(ifr.ifr_name, dev->ifname, sizeof(ifr.ifr_name) - 1);
        if (!ioctl(sock_ioctl, SIOCGIFINDEX, &ifr))
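Review bot: in system_if_resolve(), `struct ifreq ifr;` is declared without an initializer and the new bound of `sizeof(ifr.ifr_name) - 1` means strncpy never writes the last byte of ifr.ifr_name, so when dev->ifname is sizeof(ifr.ifr_name) - 1 characters or longer the name passed to ioctl(SIOCGIFINDEX) has no guaranteed terminator. Either zero the struct before the copy or set the last byte of ifr.ifr_name to 0 right after the strncpy. A longer dev->ifname is also truncated silently here, so the lookup can be made with a name other than the one requested; returning an error for names that do not fit would be safer.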
A copy of a string of length sizeof(buf)-1 will leave the string unterminated (or, more precisely, the value of ifr.ifr_name[sizeof(buf)-1] is undefined).

Add:

ifr.ifr_name[sizeof(ifr.ifr_name)-1] = 0;

Some of the other cases had mem-zeroed the buffers, while some (still) left the possibility of an unterminated string.

--
-Justin
justinval...@gmail.com
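The unterminated case described in the reply above, as an added example that is not part of the original thread or of the project's code. It assumes a stand-in `struct name_buf` with the same name-field size as `struct ifreq`, a 0xAA fill to mimic uninitialized stack memory, and a hypothetical stricter helper `copy_checked()`; the interface names are constructed.

```c
#include <net/if.h>   /* IF_NAMESIZE: size of ifr_name (16 on Linux) */
#include <stdio.h>
#include <string.h>

/* Stand-in for struct ifreq's name field (assumption: same size). */
struct name_buf { char ifr_name[IF_NAMESIZE]; };

/* Mimic an uninitialized stack struct: no byte is zero by luck. */
static void poison(struct name_buf *b) { memset(b, 0xAA, sizeof(*b)); }

/* The patched call from the hunk: the last byte is never written. */
static void copy_patched(struct name_buf *b, const char *ifname)
{
    strncpy(b->ifr_name, ifname, sizeof(b->ifr_name) - 1);
}

/* Patched call plus the terminator suggested in the reply. */
static void copy_terminated(struct name_buf *b, const char *ifname)
{
    copy_patched(b, ifname);
    b->ifr_name[sizeof(b->ifr_name) - 1] = 0;
}

/* Hypothetical helper: reject names that do not fit instead of truncating. */
static int copy_checked(struct name_buf *b, const char *ifname)
{
    size_t len = strlen(ifname);
    if (len >= sizeof(b->ifr_name))
        return -1;
    memset(b->ifr_name, 0, sizeof(b->ifr_name));
    memcpy(b->ifr_name, ifname, len);
    return 0;
}

/* 1 if a NUL byte exists inside the buffer, 0 otherwise. */
static int is_terminated(const struct name_buf *b)
{
    return memchr(b->ifr_name, 0, sizeof(b->ifr_name)) != NULL;
}

int main(void)
{
    struct name_buf b;
    const char *name15 = "wlan0-mesh-0001";  /* constructed, 15 chars */
    poison(&b); copy_patched(&b, name15);
    printf("patched only:    terminated=%d\n", is_terminated(&b));
    poison(&b); copy_terminated(&b, name15);
    printf("with terminator: terminated=%d name=%s\n", is_terminated(&b), b.ifr_name);
    printf("oversized name:  rc=%d\n", copy_checked(&b, "wlan0-mesh-0001-extra"));
    return 0;
}
```

Shorter names such as `eth0` come out terminated even with the patched call alone, because strncpy pads the remainder of the bound with zeros; only names of 15 characters or more expose the missing terminator.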
