]> git.proxmox.com Git - mirror_lxc.git/commitdiff
projects / mirror_lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e853a32)
coverity: ifr_name buffer not NULL terminated
authorDwight Engen <dwight.engen@oracle.com>
Tue, 29 Oct 2013 13:24:29 +0000 (09:24 -0400)
committerSerge Hallyn <serge.hallyn@ubuntu.com>
Tue, 29 Oct 2013 14:38:50 +0000 (09:38 -0500)
The kernel (net/core/dev_ioctl.c:dev_ioctl()) is going to NULL terminate
this name after the copy-in of the ifr, so even though this is a fixed
sized array the last byte isn't usable as part of the name. All the ioctls
we're using go through this code path.

Use the ifr name in the DEBUG message in case it was possibly truncated.

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
src/lxc/conf.c patch | blob | blame | history
src/lxc/lxc_user_nic.c patch | blob | blame | history
src/lxc/network.c patch | blob | blame | history

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index f579c17dbea33501ff0febbf108159de7acca3c7..50dc4262e7ed18e62a066bd71d9a642e3cbf688f 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2059,6 +2059,7 @@ static int setup_hw_addr(char *hwaddr, const char *ifname)
        }
 
        memcpy(ifr.ifr_name, ifname, IFNAMSIZ);
+       ifr.ifr_name[IFNAMSIZ-1] = '\0';
        memcpy((char *) &ifr.ifr_hwaddr, (char *) &sockaddr, sizeof(sockaddr));
 
        process_lock();
@@ -2076,7 +2077,7 @@ static int setup_hw_addr(char *hwaddr, const char *ifname)
        if (ret)
                ERROR("ioctl failure : %s", strerror(errno));
 
-       DEBUG("mac address '%s' on '%s' has been setup", hwaddr, ifname);
+       DEBUG("mac address '%s' on '%s' has been setup", hwaddr, ifr.ifr_name);
 
        return ret;
 }
diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
index 6c3a09e98f9893f61957e2bb9c02aa3a28bdcf63..bc1c26881e7e8110c1a2bee2ac3d05631c2ec2f1 100644 (file)
--- a/src/lxc/lxc_user_nic.c
+++ b/src/lxc/lxc_user_nic.c
@@ -473,7 +473,8 @@ int lxc_bridge_attach(const char *bridge, const char *ifname)
        if (fd < 0)
                return -errno;
 
-       strncpy(ifr.ifr_name, bridge, IFNAMSIZ);
+       strncpy(ifr.ifr_name, bridge, IFNAMSIZ-1);
+       ifr.ifr_name[IFNAMSIZ-1] = '\0';
        ifr.ifr_ifindex = index;
        err = ioctl(fd, SIOCBRADDIF, &ifr);
        close(fd);
diff --git a/src/lxc/network.c b/src/lxc/network.c
index 09ca8f79c646381402304d24e6367cc391b8e369..c30287e9b9174506b752f31207001e503dd0609b 100644 (file)
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -1009,7 +1009,8 @@ int lxc_bridge_attach(const char *bridge, const char *ifname)
        if (fd < 0)
                return -errno;
 
-       strncpy(ifr.ifr_name, bridge, IFNAMSIZ);
+       strncpy(ifr.ifr_name, bridge, IFNAMSIZ-1);
+       ifr.ifr_name[IFNAMSIZ-1] = '\0';
        ifr.ifr_ifindex = index;
        err = ioctl(fd, SIOCBRADDIF, &ifr);
        process_lock();
LXC mirror