[lxc-devel] [lxc/master] confile_utils: fix overlapping strncpy

[flx42 on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 484 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20171122/78d62da5/attachment.bin>
-------------- next part --------------
From ee3e84df78424d26fc6c90862fbe0fa92a686b0d Mon Sep 17 00:00:00 2001
From: Felix Abecassis <fabecassis at nvidia.com>
Date: Tue, 21 Nov 2017 22:27:19 -0800
Subject: [PATCH] confile_utils: fix overlapping strncpy

In the case of "lxc.net.0.type", the pointers passed to strncpy were
only 2 elements apart, resulting in undefined behavior.

Signed-off-by: Felix Abecassis <fabecassis at nvidia.com>
---
 src/lxc/confile_utils.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lxc/confile_utils.c b/src/lxc/confile_utils.c
index d86a2d88e..50f42ef8c 100644
--- a/src/lxc/confile_utils.c
+++ b/src/lxc/confile_utils.c
@@ -567,7 +567,8 @@ bool lxc_config_net_hwaddr(const char *line)
 			return false;
 		}
 		/* strlen("hwaddr") = 6 */
-		strncpy(copy + 8, p + 1, 6);
+		if (strlen(p + 1) >= 6)
+			 memmove(copy + 8, p + 1, 6);
 		copy[8 + 6] = '\0';
 	}
 	if (strncmp(copy, "lxc.net.hwaddr", 14) == 0) {
@@ -591,7 +592,8 @@ bool lxc_config_net_hwaddr(const char *line)
 			return false;
 		}
 		/* strlen("hwaddr") = 6 */
-		strncpy(copy + 12, p + 1, 6);
+		if (strlen(p + 1) >= 6)
+			memmove(copy + 12, p + 1, 6);
 		copy[12 + 6] = '\0';
 	}
 	if (strncmp(copy, "lxc.network.hwaddr", 18) == 0) {