Hi All, >From nd6_rtr.c:
bzero(&ifra, sizeof(ifra)); /* * in6_update_ifa() does not use ifra_name, but we accurately set it * for safety. */ strncpy(ifra.ifra_name, ifp->if_xname, sizeof(ifra.ifra_name)); ifra.ifra_addr.sin6_family = AF_INET6; ifra.ifra_addr.sin6_len = sizeof(struct sockaddr_in6); Assuming that if_name(ifp) is the maximum size, wouldn't that possibly lead to an unterminated string. In such a case, wouldn't strlcpy be better ? Index: sys/netinet6/nd6_rtr.c =================================================================== RCS file: /cvs/src/sys/netinet6/nd6_rtr.c,v retrieving revision 1.72 diff -u -p -r1.72 nd6_rtr.c --- sys/netinet6/nd6_rtr.c 1 Jul 2013 14:22:20 -0000 1.72 +++ sys/netinet6/nd6_rtr.c 3 Oct 2013 15:33:22 -0000 @@ -1814,7 +1814,7 @@ in6_ifadd(struct nd_prefix *pr, int priv * in6_update_ifa() does not use ifra_name, but we accurately set it * for safety. */ - strncpy(ifra.ifra_name, ifp->if_xname, sizeof(ifra.ifra_name)); + strlcpy(ifra.ifra_name, ifp->if_xname, sizeof(ifra.ifra_name)); ifra.ifra_addr.sin6_family = AF_INET6; ifra.ifra_addr.sin6_len = sizeof(struct sockaddr_in6); /* prefix */