|
 |
fb0f9b |
From bea19fd9a86dd2c601681ff2ef4a9c1afab1e34d Mon Sep 17 00:00:00 2001
|
|
|
fb0f9b |
From: Jan Macku <jamacku@redhat.com>
|
|
|
fb0f9b |
Date: Tue, 8 Jun 2021 15:41:58 +0200
|
|
|
fb0f9b |
Subject: [PATCH] ifenslave: fix CWE-170: Improper Null Termination
|
|
|
fb0f9b |
|
|
|
fb0f9b |
Resolves: #1938746
|
|
|
fb0f9b |
---
|
|
|
fb0f9b |
ifenslave.c | 43 +++++++++++++++++++++++++++----------------
|
|
|
fb0f9b |
1 file changed, 27 insertions(+), 16 deletions(-)
|
|
|
fb0f9b |
|
|
|
fb0f9b |
diff --git a/ifenslave.c b/ifenslave.c
|
|
|
fb0f9b |
index 1efe4f1..59bce4c 100644
|
|
|
fb0f9b |
--- a/ifenslave.c
|
|
|
fb0f9b |
+++ b/ifenslave.c
|
|
|
fb0f9b |
@@ -619,7 +619,7 @@ static int get_drv_info(char *master_ifname)
|
|
|
fb0f9b |
char *endptr;
|
|
|
fb0f9b |
|
|
|
fb0f9b |
memset(&ifr, 0, sizeof(ifr));
|
|
|
fb0f9b |
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
|
|
|
fb0f9b |
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
|
|
|
fb0f9b |
ifr.ifr_data = (caddr_t)&info;
|
|
|
fb0f9b |
|
|
|
fb0f9b |
info.cmd = ETHTOOL_GDRVINFO;
|
|
|
fb0f9b |
@@ -664,8 +664,9 @@ static int change_active(char *master_ifname, char *slave_ifname)
|
|
|
fb0f9b |
return 1;
|
|
|
fb0f9b |
}
|
|
|
fb0f9b |
|
|
|
fb0f9b |
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
|
|
|
fb0f9b |
- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ);
|
|
|
fb0f9b |
+ memset(&ifr, 0, sizeof(ifr));
|
|
|
fb0f9b |
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
|
|
|
fb0f9b |
+ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1);
|
|
|
fb0f9b |
if ((ioctl(skfd, SIOCBONDCHANGEACTIVE, &ifr) < 0) &&
|
|
|
fb0f9b |
(ioctl(skfd, BOND_CHANGE_ACTIVE_OLD, &ifr) < 0)) {
|
|
|
fb0f9b |
saved_errno = errno;
|
|
|
fb0f9b |
@@ -806,8 +807,9 @@ static int enslave(char *master_ifname, char *slave_ifname)
|
|
|
fb0f9b |
}
|
|
|
fb0f9b |
|
|
|
fb0f9b |
/* Do the real thing */
|
|
|
fb0f9b |
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
|
|
|
fb0f9b |
- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ);
|
|
|
fb0f9b |
+ memset(&ifr, 0, sizeof(ifr));
|
|
|
fb0f9b |
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
|
|
|
fb0f9b |
+ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1);
|
|
|
fb0f9b |
if ((ioctl(skfd, SIOCBONDENSLAVE, &ifr) < 0) &&
|
|
|
fb0f9b |
(ioctl(skfd, BOND_ENSLAVE_OLD, &ifr) < 0)) {
|
|
|
fb0f9b |
saved_errno = errno;
|
|
|
fb0f9b |
@@ -847,8 +849,9 @@ static int release(char *master_ifname, char *slave_ifname)
|
|
|
fb0f9b |
return 1;
|
|
|
fb0f9b |
}
|
|
|
fb0f9b |
|
|
|
fb0f9b |
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
|
|
|
fb0f9b |
- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ);
|
|
|
fb0f9b |
+ memset(&ifr, 0, sizeof(ifr));
|
|
|
fb0f9b |
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
|
|
|
fb0f9b |
+ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1);
|
|
|
fb0f9b |
if ((ioctl(skfd, SIOCBONDRELEASE, &ifr) < 0) &&
|
|
|
fb0f9b |
(ioctl(skfd, BOND_RELEASE_OLD, &ifr) < 0)) {
|
|
|
fb0f9b |
saved_errno = errno;
|
|
|
fb0f9b |
@@ -880,7 +883,8 @@ static int get_if_settings(char *ifname, struct dev_ifr ifra[])
|
|
|
fb0f9b |
int res = 0;
|
|
|
fb0f9b |
|
|
|
fb0f9b |
for (i = 0; ifra[i].req_ifr; i++) {
|
|
|
fb0f9b |
- strncpy(ifra[i].req_ifr->ifr_name, ifname, IFNAMSIZ);
|
|
|
fb0f9b |
+ strncpy(ifra[i].req_ifr->ifr_name, ifname, IFNAMSIZ - 1);
|
|
|
fb0f9b |
+ ifra[i].req_ifr->ifr_name[IFNAMSIZ - 1] = '\0';
|
|
|
fb0f9b |
res = ioctl(skfd, ifra[i].req_type, ifra[i].req_ifr);
|
|
|
fb0f9b |
if (res < 0) {
|
|
|
fb0f9b |
saved_errno = errno;
|
|
|
fb0f9b |
@@ -899,7 +903,8 @@ static int get_slave_flags(char *slave_ifname)
|
|
|
fb0f9b |
{
|
|
|
fb0f9b |
int res = 0;
|
|
|
fb0f9b |
|
|
|
fb0f9b |
- strncpy(slave_flags.ifr_name, slave_ifname, IFNAMSIZ);
|
|
|
fb0f9b |
+ strncpy(slave_flags.ifr_name, slave_ifname, IFNAMSIZ - 1);
|
|
|
fb0f9b |
+ slave_flags.ifr_name[IFNAMSIZ - 1] = '\0';
|
|
|
fb0f9b |
res = ioctl(skfd, SIOCGIFFLAGS, &slave_flags);
|
|
|
fb0f9b |
if (res < 0) {
|
|
|
fb0f9b |
saved_errno = errno;
|
|
|
fb0f9b |
@@ -919,7 +924,8 @@ static int set_master_hwaddr(char *master_ifname, struct sockaddr *hwaddr)
|
|
|
fb0f9b |
struct ifreq ifr;
|
|
|
fb0f9b |
int res = 0;
|
|
|
fb0f9b |
|
|
|
fb0f9b |
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
|
|
|
fb0f9b |
+ memset(&ifr, 0, sizeof(ifr));
|
|
|
fb0f9b |
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
|
|
|
fb0f9b |
memcpy(&(ifr.ifr_hwaddr), hwaddr, sizeof(struct sockaddr));
|
|
|
fb0f9b |
res = ioctl(skfd, SIOCSIFHWADDR, &ifr);
|
|
|
fb0f9b |
if (res < 0) {
|
|
|
fb0f9b |
@@ -943,7 +949,8 @@ static int set_slave_hwaddr(char *slave_ifname, struct sockaddr *hwaddr)
|
|
|
fb0f9b |
struct ifreq ifr;
|
|
|
fb0f9b |
int res = 0;
|
|
|
fb0f9b |
|
|
|
fb0f9b |
- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ);
|
|
|
fb0f9b |
+ memset(&ifr, 0, sizeof(ifr));
|
|
|
fb0f9b |
+ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1);
|
|
|
fb0f9b |
memcpy(&(ifr.ifr_hwaddr), hwaddr, sizeof(struct sockaddr));
|
|
|
fb0f9b |
res = ioctl(skfd, SIOCSIFHWADDR, &ifr);
|
|
|
fb0f9b |
if (res < 0) {
|
|
|
fb0f9b |
@@ -980,8 +987,9 @@ static int set_slave_mtu(char *slave_ifname, int mtu)
|
|
|
fb0f9b |
struct ifreq ifr;
|
|
|
fb0f9b |
int res = 0;
|
|
|
fb0f9b |
|
|
|
fb0f9b |
+ memset(&ifr, 0, sizeof(ifr));
|
|
|
fb0f9b |
ifr.ifr_mtu = mtu;
|
|
|
fb0f9b |
- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ);
|
|
|
fb0f9b |
+ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1);
|
|
|
fb0f9b |
|
|
|
fb0f9b |
res = ioctl(skfd, SIOCSIFMTU, &ifr);
|
|
|
fb0f9b |
if (res < 0) {
|
|
|
fb0f9b |
@@ -1000,8 +1008,9 @@ static int set_if_flags(char *ifname, short flags)
|
|
|
fb0f9b |
struct ifreq ifr;
|
|
|
fb0f9b |
int res = 0;
|
|
|
fb0f9b |
|
|
|
fb0f9b |
+ memset(&ifr, 0, sizeof(ifr));
|
|
|
fb0f9b |
ifr.ifr_flags = flags;
|
|
|
fb0f9b |
- strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
|
|
|
fb0f9b |
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
|
|
|
fb0f9b |
|
|
|
fb0f9b |
res = ioctl(skfd, SIOCSIFFLAGS, &ifr);
|
|
|
fb0f9b |
if (res < 0) {
|
|
|
fb0f9b |
@@ -1030,7 +1039,8 @@ static int clear_if_addr(char *ifname)
|
|
|
fb0f9b |
struct ifreq ifr;
|
|
|
fb0f9b |
int res = 0;
|
|
|
fb0f9b |
|
|
|
fb0f9b |
- strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
|
|
|
fb0f9b |
+ memset(&ifr, 0, sizeof(ifr));
|
|
|
fb0f9b |
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
|
|
|
fb0f9b |
ifr.ifr_addr.sa_family = AF_INET;
|
|
|
fb0f9b |
memset(ifr.ifr_addr.sa_data, 0, sizeof(ifr.ifr_addr.sa_data));
|
|
|
fb0f9b |
|
|
|
fb0f9b |
@@ -1065,8 +1075,9 @@ static int set_if_addr(char *master_ifname, char *slave_ifname)
|
|
|
fb0f9b |
{NULL, NULL, 0, 0},
|
|
|
fb0f9b |
};
|
|
|
fb0f9b |
|
|
|
fb0f9b |
+ memset(&ifr, 0, sizeof(ifr));
|
|
|
fb0f9b |
for (i = 0; ifra[i].req_name; i++) {
|
|
|
fb0f9b |
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
|
|
|
fb0f9b |
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
|
|
|
fb0f9b |
res = ioctl(skfd, ifra[i].g_ioctl, &ifr);
|
|
|
fb0f9b |
if (res < 0) {
|
|
|
fb0f9b |
int saved_errno = errno;
|
|
|
fb0f9b |
@@ -1080,7 +1091,7 @@ static int set_if_addr(char *master_ifname, char *slave_ifname)
|
|
|
fb0f9b |
sizeof(ifr.ifr_addr.sa_data));
|
|
|
fb0f9b |
}
|
|
|
fb0f9b |
|
|
|
fb0f9b |
- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ);
|
|
|
fb0f9b |
+ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1);
|
|
|
fb0f9b |
res = ioctl(skfd, ifra[i].s_ioctl, &ifr);
|
|
|
fb0f9b |
if (res < 0) {
|
|
|
fb0f9b |
int saved_errno = errno;
|
|
|
fb0f9b |
--
|
|
|
fb0f9b |
2.31.1
|
|
|
fb0f9b |
|