On Thu, Oct 03, 2013 at 08:42:17AM -0700, Loganaden Velvindron wrote:
> Hi All,
>
> From nd6_rtr.c:
>
> bzero(&ifra, sizeof(ifra));
> /*
> * in6_update_ifa() does not use ifra_name, but we accurately set it
> * for safety.
> */
> strncpy(ifra.ifra_name, ifp->if_xname, sizeof(ifra.ifra_name));
> ifra.ifra_addr.sin6_family = AF_INET6;
> ifra.ifra_addr.sin6_len = sizeof(struct sockaddr_in6);
>
> Assuming that if_name(ifp) is the maximum size, wouldn't that possibly lead to
> an unterminated string?
>
> In such a case, wouldn't strlcpy be better?
AFAIK, interface names always can be unterminated.
-Otto
>
> Index: sys/netinet6/nd6_rtr.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet6/nd6_rtr.c,v
> retrieving revision 1.72
> diff -u -p -r1.72 nd6_rtr.c
> --- sys/netinet6/nd6_rtr.c 1 Jul 2013 14:22:20 -0000 1.72
> +++ sys/netinet6/nd6_rtr.c 3 Oct 2013 15:33:22 -0000
> @@ -1814,7 +1814,7 @@ in6_ifadd(struct nd_prefix *pr, int priv
> * in6_update_ifa() does not use ifra_name, but we accurately set it
> * for safety.
> */
> - strncpy(ifra.ifra_name, ifp->if_xname, sizeof(ifra.ifra_name));
> + strlcpy(ifra.ifra_name, ifp->if_xname, sizeof(ifra.ifra_name));
> ifra.ifra_addr.sin6_family = AF_INET6;
> ifra.ifra_addr.sin6_len = sizeof(struct sockaddr_in6);
> /* prefix */
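
Review bot: On the `+` line the return value of strlcpy is ignored, so a name that fills `ifra.ifra_name` would lose its last character without any indication. strlcpy also scans the source until it finds a NUL, so it depends on `ifp->if_xname` being terminated, which the reply in this thread says is not guaranteed. Suggest comparing the return value against `sizeof(ifra.ifra_name)`, or extending the comment to state that `if_xname` is assumed to be terminated and shorter than the field. The existing comment says in6_update_ifa() does not use ifra_name, so the change is defensive only and the commit message should say so.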
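
The termination question raised in this thread, as an added example that is not code from the thread or from the kernel source it discusses: it copies a short name and a field-filling name with strncpy and with a strlcpy-style copy, then measures the result with a bounded scan. `NAMSZ`, `ex_strlcpy`, `field_len` and the sample names are hypothetical stand-ins constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAMSZ 16 /* assumed width, standing in for sizeof(ifra.ifra_name) */

/* Local stand-in for strlcpy(3), so the example builds where libc lacks it. */
static size_t ex_strlcpy(char *dst, const char *src, size_t dsize)
{
    size_t n = strlen(src);            /* source must be NUL-terminated */
    if (dsize != 0) {
        size_t c = n < dsize - 1 ? n : dsize - 1;
        memcpy(dst, src, c);
        dst[c] = '\0';                 /* always terminates the destination */
    }
    return n;                          /* n >= dsize signals truncation */
}

/* Bounded length of a fixed-width field: NAMSZ means "no NUL in the field". */
static size_t field_len(const char *f)
{
    const char *nul = memchr(f, '\0', NAMSZ);
    return nul ? (size_t)(nul - f) : NAMSZ;
}

static size_t via_strncpy(const char *name)
{
    char f[NAMSZ];
    memset(f, 0xff, sizeof(f));        /* poison, so a missing NUL is visible */
    strncpy(f, name, sizeof(f));       /* pads short names, never terminates full ones */
    return field_len(f);
}

static size_t via_strlcpy(const char *name, size_t *wanted)
{
    char f[NAMSZ];
    memset(f, 0xff, sizeof(f));
    *wanted = ex_strlcpy(f, name, sizeof(f));
    return field_len(f);
}

int main(void)
{
    const char *full = "abcdefghijklmnop"; /* constructed: exactly NAMSZ chars */
    size_t w;
    printf("strncpy: short=%zu full=%zu\n", via_strncpy("em0"), via_strncpy(full));
    printf("strlcpy: full=%zu", via_strlcpy(full, &w));
    printf(" wanted=%zu\n", w);
    return 0;
}
```

A field copied with strncpy is only safe to read with a bounded scan such as `field_len`; the strlcpy-style copy is safe to read as a C string, but the caller has to compare the return value with the field size to notice truncation.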