Author: andrew
Date: Wed Apr 1 09:51:29 2020
New Revision: 359505
URL: https://svnweb.freebsd.org/changeset/base/359505
Log:
Use memmove to copy within a buffer
jail(8) would try to use strcpy to remove the interface from the start of
an IP address. This is undefined, and on arm64 will result in unexpected
IPv6 addresses.
Fix this by using memmove top move the string.
PR: 245102
Reported by: sbruno
MFC after: 2 weeks
Sponsored by: Innovate UK
Modified:
head/usr.sbin/jail/config.c
Modified: head/usr.sbin/jail/config.c
==============================================================================
--- head/usr.sbin/jail/config.c Wed Apr 1 09:01:35 2020 (r359504)
+++ head/usr.sbin/jail/config.c Wed Apr 1 09:51:29 2020 (r359505)
@@ -596,8 +596,8 @@ check_intparams(struct cfjail *j)
if (cs || defif)
add_param(j, NULL, IP__IP4_IFADDR, s->s);
if (cs) {
- strcpy(s->s, cs + 1);
s->len -= cs + 1 - s->s;
+ memmove(s->s, cs + 1, s->len + 1);
}
if ((cs = strchr(s->s, '/')) != NULL) {
*cs = '\0';
@@ -617,8 +617,8 @@ check_intparams(struct cfjail *j)
if (cs || defif)
add_param(j, NULL, IP__IP6_IFADDR, s->s);
if (cs) {
- strcpy(s->s, cs + 1);
s->len -= cs + 1 - s->s;
+ memmove(s->s, cs + 1, s->len + 1);
}
if ((cs = strchr(s->s, '/')) != NULL) {
*cs = '\0';
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
