On Fri, Jan 27, 2017 at 03:10:44PM +0100, Sven Eckelmann wrote:
The arpreq.arp_dev is a limited buffer (16 bytes).
Avoid that more bytes
from the interface name are copied into this buffer by switching from
strcpy to strncpy.
Fixes: c7da798113a2 ("alfred: IPv4 multicast distribution support.")
Signed-off-by: Sven Eckelmann <sven(a)narfation.org>
---
util.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/util.c b/util.c
index 84ab3af..ed83895 100644
--- a/util.c
+++ b/util.c
@@ -92,7 +92,9 @@ int ipv4_arp_request(struct interface *interface, const alfred_addr
*addr,
sin->sin_family = AF_INET;
sin->sin_addr.s_addr = addr->ipv4.s_addr;
- strcpy(arpreq.arp_dev, interface->interface);
+ strncpy(arpreq.arp_dev, interface->interface, sizeof(arpreq.arp_dev));
arpreq is already set to 0 few lines above. why not simpling
"sizeof(arpreq.arp_dev) - 1" as last argument for the strncpy() and avoid the
line below?
Or is this required for consistency with the rest of the code?
Cheers,
--
Antonio Quartulli