[lxc-devel] [PATCH] coverity: ifr_name buffer not NULL terminated

Serge Hallyn serge.hallyn at ubuntu.com
Tue Oct 29 14:38:37 UTC 2013 

Quoting Dwight Engen (dwight.engen at oracle.com):
> The kernel (net/core/dev_ioctl.c:dev_ioctl()) is going to NULL terminate
> this name after the copy-in of the ifr, so even though this is a fixed
> sized array the last byte isn't usable as part of the name. All the ioctls
> we're using go through this code path.
> 
> Use the ifr name in the DEBUG message in case it was possibly truncated.
> 
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>

Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

> ---
>  src/lxc/conf.c         | 3 ++-
>  src/lxc/lxc_user_nic.c | 3 ++-
>  src/lxc/network.c      | 3 ++-
>  3 files changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index f579c17..50dc426 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -2059,6 +2059,7 @@ static int setup_hw_addr(char *hwaddr, const char *ifname)
>  	}
>  
>  	memcpy(ifr.ifr_name, ifname, IFNAMSIZ);
> +	ifr.ifr_name[IFNAMSIZ-1] = '\0';
>  	memcpy((char *) &ifr.ifr_hwaddr, (char *) &sockaddr, sizeof(sockaddr));
>  
>  	process_lock();
> @@ -2076,7 +2077,7 @@ static int setup_hw_addr(char *hwaddr, const char *ifname)
>  	if (ret)
>  		ERROR("ioctl failure : %s", strerror(errno));
>  
> -	DEBUG("mac address '%s' on '%s' has been setup", hwaddr, ifname);
> +	DEBUG("mac address '%s' on '%s' has been setup", hwaddr, ifr.ifr_name);
>  
>  	return ret;
>  }
> diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
> index 6c3a09e..bc1c268 100644
> --- a/src/lxc/lxc_user_nic.c
> +++ b/src/lxc/lxc_user_nic.c
> @@ -473,7 +473,8 @@ int lxc_bridge_attach(const char *bridge, const char *ifname)
>  	if (fd < 0)
>  		return -errno;
>  
> -	strncpy(ifr.ifr_name, bridge, IFNAMSIZ);
> +	strncpy(ifr.ifr_name, bridge, IFNAMSIZ-1);
> +	ifr.ifr_name[IFNAMSIZ-1] = '\0';
>  	ifr.ifr_ifindex = index;
>  	err = ioctl(fd, SIOCBRADDIF, &ifr);
>  	close(fd);
> diff --git a/src/lxc/network.c b/src/lxc/network.c
> index 09ca8f7..c30287e 100644
> --- a/src/lxc/network.c
> +++ b/src/lxc/network.c
> @@ -1009,7 +1009,8 @@ int lxc_bridge_attach(const char *bridge, const char *ifname)
>  	if (fd < 0)
>  		return -errno;
>  
> -	strncpy(ifr.ifr_name, bridge, IFNAMSIZ);
> +	strncpy(ifr.ifr_name, bridge, IFNAMSIZ-1);
> +	ifr.ifr_name[IFNAMSIZ-1] = '\0';
>  	ifr.ifr_ifindex = index;
>  	err = ioctl(fd, SIOCBRADDIF, &ifr);
>  	process_lock();
> -- 
> 1.8.3.1
> 
> 
> ------------------------------------------------------------------------------
> Android is increasing in popularity, but the open development platform that
> developers love is also attractive to malware creators. Download this white
> paper to learn more about secure code signing practices that can help keep
> Android apps secure.
> http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
> _______________________________________________
> Lxc-devel mailing list
> Lxc-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel

More information about the lxc-devel mailing list