Hi All,
From nd6_rtr.c:
bzero(&ifra, sizeof(ifra));
/*
* in6_update_ifa() does not use ifra_name, but we accurately set it
* for safety.
*/
strncpy(ifra.ifra_name, ifp->if_xname, sizeof(ifra.ifra_name));
ifra.ifra_addr.sin6_family = AF_INET6;
ifra.ifra_addr.sin6_len = sizeof(struct sockaddr_in6);
Assuming that if_name(ifp) is the maximum size, wouldn't that possibly lead to
an unterminated string?
In such a case, wouldn't strlcpy be better?
Index: sys/netinet6/nd6_rtr.c
===================================================================
RCS file: /cvs/src/sys/netinet6/nd6_rtr.c,v
retrieving revision 1.72
diff -u -p -r1.72 nd6_rtr.c
--- sys/netinet6/nd6_rtr.c 1 Jul 2013 14:22:20 -0000 1.72
+++ sys/netinet6/nd6_rtr.c 3 Oct 2013 15:33:22 -0000
@@ -1814,7 +1814,7 @@ in6_ifadd(struct nd_prefix *pr, int priv
* in6_update_ifa() does not use ifra_name, but we accurately set it
* for safety.
*/
- strncpy(ifra.ifra_name, ifp->if_xname, sizeof(ifra.ifra_name));
+ strlcpy(ifra.ifra_name, ifp->if_xname, sizeof(ifra.ifra_name));
ifra.ifra_addr.sin6_family = AF_INET6;
ifra.ifra_addr.sin6_len = sizeof(struct sockaddr_in6);
/* prefix */
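Review bot: On the added strlcpy() line, the copy now relies on ifp->if_xname already being NUL-terminated, because strlcpy() runs to the end of the source string to compute its return value, whereas strncpy() stops after sizeof(ifra.ifra_name) bytes; it is worth confirming that invariant and stating it in the commit message. The return value is also discarded, so a truncated name would pass silently. Since the comment above the call says in6_update_ifa() does not use ifra_name, that is probably acceptable, but comparing the result against sizeof(ifra.ifra_name) would make the truncation case explicit.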
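The case the message asks about, as an added example that is not part of the original message or of the kernel source: a source string that exactly fills the destination leaves strncpy() output without a NUL, while a copy with strlcpy() semantics terminates and reports truncation. NAMESZ, ex_strlcpy() and the sample names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAMESZ 16	/* assumed buffer size for this example (constructed) */

/* Hypothetical stand-in with strlcpy(3) semantics, so the example builds
 * on systems whose libc does not provide strlcpy(). */
static size_t ex_strlcpy(char *dst, const char *src, size_t dsize)
{
	size_t srclen = strlen(src);	/* src must be NUL-terminated */

	if (dsize != 0) {
		size_t n = srclen < dsize - 1 ? srclen : dsize - 1;
		memcpy(dst, src, n);
		dst[n] = '\0';		/* always terminated */
	}
	return srclen;			/* >= dsize means the copy was truncated */
}

/* Returns 1 if a NUL exists inside buf[0..size), else 0. */
static int is_terminated(const char *buf, size_t size)
{
	return memchr(buf, '\0', size) != NULL;
}

/* Zero the buffer first (as the bzero() of ifra does), then strncpy(). */
static int strncpy_terminated(const char *src)
{
	char dst[NAMESZ];

	memset(dst, 0, sizeof(dst));
	strncpy(dst, src, sizeof(dst));	/* no NUL written if strlen(src) >= NAMESZ */
	return is_terminated(dst, sizeof(dst));
}

/* Same copy with strlcpy semantics; *truncated is set from the return value. */
static int strlcpy_terminated(const char *src, int *truncated)
{
	char dst[NAMESZ];

	*truncated = ex_strlcpy(dst, src, sizeof(dst)) >= sizeof(dst);
	return is_terminated(dst, sizeof(dst));
}

int main(void)
{
	int trunc;
	const char *full = "0123456789abcdef";	/* constructed: exactly NAMESZ chars */

	printf("strncpy terminated: %d\n", strncpy_terminated(full));
	printf("strlcpy terminated: %d\n", strlcpy_terminated(full, &trunc));
	printf("strlcpy truncated:  %d\n", trunc);
	return 0;
}
```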