[lxc-devel] [PATCH] coverity: ifr_name buffer not NULL terminated
Serge Hallyn
serge.hallyn at ubuntu.com
Tue Oct 29 14:38:37 UTC 2013
Quoting Dwight Engen (dwight.engen at oracle.com):
> The kernel (net/core/dev_ioctl.c:dev_ioctl()) is going to NULL terminate
> this name after the copy-in of the ifr, so even though this is a fixed
> sized array the last byte isn't usable as part of the name. All the ioctls
> we're using go through this code path.
>
> Use the ifr name in the DEBUG message in case it was possibly truncated.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> ---
> src/lxc/conf.c | 3 ++-
> src/lxc/lxc_user_nic.c | 3 ++-
> src/lxc/network.c | 3 ++-
> 3 files changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index f579c17..50dc426 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -2059,6 +2059,7 @@ static int setup_hw_addr(char *hwaddr, const char *ifname)
> }
>
> memcpy(ifr.ifr_name, ifname, IFNAMSIZ);
> + ifr.ifr_name[IFNAMSIZ-1] = '\0';
> memcpy((char *) &ifr.ifr_hwaddr, (char *) &sockaddr, sizeof(sockaddr));
>
> process_lock();
> @@ -2076,7 +2077,7 @@ static int setup_hw_addr(char *hwaddr, const char *ifname)
> if (ret)
> ERROR("ioctl failure : %s", strerror(errno));
>
> - DEBUG("mac address '%s' on '%s' has been setup", hwaddr, ifname);
> + DEBUG("mac address '%s' on '%s' has been setup", hwaddr, ifr.ifr_name);
>
> return ret;
> }
> diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
> index 6c3a09e..bc1c268 100644
> --- a/src/lxc/lxc_user_nic.c
> +++ b/src/lxc/lxc_user_nic.c
> @@ -473,7 +473,8 @@ int lxc_bridge_attach(const char *bridge, const char *ifname)
> if (fd < 0)
> return -errno;
>
> - strncpy(ifr.ifr_name, bridge, IFNAMSIZ);
> + strncpy(ifr.ifr_name, bridge, IFNAMSIZ-1);
> + ifr.ifr_name[IFNAMSIZ-1] = '\0';
> ifr.ifr_ifindex = index;
> err = ioctl(fd, SIOCBRADDIF, &ifr);
> close(fd);
> diff --git a/src/lxc/network.c b/src/lxc/network.c
> index 09ca8f7..c30287e 100644
> --- a/src/lxc/network.c
> +++ b/src/lxc/network.c
> @@ -1009,7 +1009,8 @@ int lxc_bridge_attach(const char *bridge, const char *ifname)
> if (fd < 0)
> return -errno;
>
> - strncpy(ifr.ifr_name, bridge, IFNAMSIZ);
> + strncpy(ifr.ifr_name, bridge, IFNAMSIZ-1);
> + ifr.ifr_name[IFNAMSIZ-1] = '\0';
> ifr.ifr_ifindex = index;
> err = ioctl(fd, SIOCBRADDIF, &ifr);
> process_lock();
> --
> 1.8.3.1
>
>
> ------------------------------------------------------------------------------
> Android is increasing in popularity, but the open development platform that
> developers love is also attractive to malware creators. Download this white
> paper to learn more about secure code signing practices that can help keep
> Android apps secure.
> http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
> _______________________________________________
> Lxc-devel mailing list
> Lxc-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
More information about the lxc-devel
mailing list