From 85f647c4300a888bb6cbc27f33138549cab617e3 Mon Sep 17 00:00:00 2001
From: Lee Duncan <lduncan@suse.com>
Date: Fri, 15 Dec 2017 11:15:26 -0800
Subject: [PATCH] Ensure strings from peer are copied correctly.

The method of using strlen() and strcpy()/strncpy() has
a couple of holes. Do not try to measure the length of
strings supplied from peer, and ensure copied strings are
NULL-terminated. Use the new strlcpy() instead.
Found by Qualsys.
---
 iscsiuio/src/unix/iscsid_ipc.c | 24 ++++++------------------
 1 file changed, 6 insertions(+), 18 deletions(-)

diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
index 4a6687b32a17..8478f9a411a3 100644
--- a/iscsiuio/src/unix/iscsid_ipc.c
+++ b/iscsiuio/src/unix/iscsid_ipc.c
@@ -147,10 +147,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird)
 	struct in_addr ia;
 	struct in6_addr ia6;
 
-	if (strlen(in_ipaddr_str) > NI_MAXHOST)
-		strncpy(ipaddr_str, in_ipaddr_str, NI_MAXHOST);
-	else
-		strcpy(ipaddr_str, in_ipaddr_str);
+	strlcpy(ipaddr_str, in_ipaddr_str, NI_MAXHOST);
 
 	/* Find the CIDR if any */
 	tmp = strchr(ipaddr_str, '/');
@@ -282,22 +279,16 @@ static int decode_iface(struct iface_rec_decode *ird, struct iface_rec *rec)
 
 			/* For LL on, ignore the IPv6 addr in the iface */
 			if (ird->linklocal_autocfg == IPV6_LL_AUTOCFG_OFF) {
-				if (strlen(rec->ipv6_linklocal) > NI_MAXHOST)
-					strncpy(ipaddr_str, rec->ipv6_linklocal,
-						NI_MAXHOST);
-				else
-					strcpy(ipaddr_str, rec->ipv6_linklocal);
+				strlcpy(ipaddr_str, rec->ipv6_linklocal,
+					NI_MAXHOST);
 				inet_pton(AF_INET6, ipaddr_str,
 					  &ird->ipv6_linklocal);
 			}
 
 			/* For RTR on, ignore the IPv6 addr in the iface */
 			if (ird->router_autocfg == IPV6_RTR_AUTOCFG_OFF) {
-				if (strlen(rec->ipv6_router) > NI_MAXHOST)
-					strncpy(ipaddr_str, rec->ipv6_router,
-						NI_MAXHOST);
-				else
-					strcpy(ipaddr_str, rec->ipv6_router);
+				strlcpy(ipaddr_str, rec->ipv6_router,
+					NI_MAXHOST);
 				inet_pton(AF_INET6, ipaddr_str,
 					  &ird->ipv6_router);
 			}
@@ -311,10 +302,7 @@ static int decode_iface(struct iface_rec_decode *ird, struct iface_rec *rec)
 					calculate_default_netmask(
 							ird->ipv4_addr.s_addr);
 
-			if (strlen(rec->gateway) > NI_MAXHOST)
-				strncpy(ipaddr_str, rec->gateway, NI_MAXHOST);
-			else
-				strcpy(ipaddr_str, rec->gateway);
+			strlcpy(ipaddr_str, rec->gateway, NI_MAXHOST);
 			inet_pton(AF_INET, ipaddr_str, &ird->ipv4_gateway);
 		}
 	} else {
-- 
2.17.2