From patchwork Fri Jan 27 14:10:44 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sven Eckelmann X-Patchwork-Id: 16923 X-Patchwork-Delegate: sw@simonwunderlich.de Return-Path: X-Original-To: patchwork@open-mesh.org Delivered-To: patchwork@open-mesh.org Received: from open-mesh.org (localhost [IPv6:::1]) by open-mesh.org (Postfix) with ESMTP id 575658191D; Fri, 27 Jan 2017 15:10:50 +0100 (CET) Authentication-Results: open-mesh.org; dmarc=none header.from=narfation.org Authentication-Results: open-mesh.org; dkim=fail reason="verification failed; unprotected key" header.d=narfation.org header.i=@narfation.org header.b=VCdmLgls; dkim-adsp=fail (unprotected policy); dkim-atps=neutral Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=79.140.41.39; helo=v3-1039.vlinux.de; envelope-from=sven@narfation.org; receiver=b.a.t.m.a.n@lists.open-mesh.org Authentication-Results: open-mesh.org; dmarc=pass header.from=narfation.org Received: from v3-1039.vlinux.de (narfation.org [79.140.41.39]) by open-mesh.org (Postfix) with ESMTPS id 4320A80898 for ; Fri, 27 Jan 2017 15:10:48 +0100 (CET) Received: from sven-desktop.home.narfation.org (p200300C593C21FF90000000000002E17.dip0.t-ipconnect.de [IPv6:2003:c5:93c2:1ff9::2e17]) by v3-1039.vlinux.de (Postfix) with ESMTPSA id C0A511100DB; Fri, 27 Jan 2017 15:10:47 +0100 (CET) Authentication-Results: v3-1039.vlinux.de; dmarc=none header.from=narfation.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=narfation.org; s=20121; t=1485526247; bh=/TlHiyp3UH/WjkTLo2B4GREuceeGZFe6lAevv5UMMVg=; h=From:To:Cc:Subject:Date:From; b=VCdmLglsVBSDqljmT4cMd/CC/tkw61/A2yHZE4BZfqow1HIkKhDhXp0LzPE48NSsm tWhvYbZD9WKlYTsXwilb8cdoDNWLRPX34oVBza/gCGoJFDdeCIcMr6Wu5AfnYNPcDd JEj7aeZsgxn7tyKsYhDTIZHmgvqQIILk8aPqoQM8= From: Sven Eckelmann To: b.a.t.m.a.n@lists.open-mesh.org Date: Fri, 27 Jan 2017 15:10:44 +0100 Message-Id: <20170127141044.5317-1-sven@narfation.org> X-Mailer: git-send-email 2.11.0 Subject: [B.A.T.M.A.N.] [PATCH] alfred: Avoid buffer overflow while querying ARP cache X-BeenThere: b.a.t.m.a.n@lists.open-mesh.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: The list for a Better Approach To Mobile Ad-hoc Networking List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking Errors-To: b.a.t.m.a.n-bounces@lists.open-mesh.org Sender: "B.A.T.M.A.N" The arpreq.arp_dev is a limited buffer (16 bytes). Avoid that more bytes from the interface name are copied into this buffer by switching from strcpy to strncpy. Fixes: c7da798113a2 ("alfred: IPv4 multicast distribution support.") Signed-off-by: Sven Eckelmann --- util.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/util.c b/util.c index 84ab3af..ed83895 100644 --- a/util.c +++ b/util.c @@ -92,7 +92,9 @@ int ipv4_arp_request(struct interface *interface, const alfred_addr *addr, sin->sin_family = AF_INET; sin->sin_addr.s_addr = addr->ipv4.s_addr; - strcpy(arpreq.arp_dev, interface->interface); + strncpy(arpreq.arp_dev, interface->interface, sizeof(arpreq.arp_dev)); + arpreq.arp_dev[sizeof(arpreq.arp_dev) - 1] = '\0'; + if (ioctl(interface->netsock, SIOCGARP, &arpreq) < 0) return -1;