Repository : ssh://git@open-mesh.org/alfred
On branch : master
commit 26ef92b456a420869eeffe5ab5c0de77354dd245 Author: Sven Eckelmann sven@narfation.org Date: Fri Jan 27 15:10:44 2017 +0100
alfred: Avoid buffer overflow while querying ARP cache
The arpreq.arp_dev is a limited buffer (16 bytes). Avoid that more bytes from the interface name are copied into this buffer by switching from strcpy to strncpy.
Fixes: c7da798113a2 ("alfred: IPv4 multicast distribution support.") Signed-off-by: Sven Eckelmann sven@narfation.org Signed-off-by: Simon Wunderlich sw@simonwunderlich.de
26ef92b456a420869eeffe5ab5c0de77354dd245 util.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/util.c b/util.c index 84ab3af..ed83895 100644 --- a/util.c +++ b/util.c @@ -92,7 +92,9 @@ int ipv4_arp_request(struct interface *interface, const alfred_addr *addr, sin->sin_family = AF_INET; sin->sin_addr.s_addr = addr->ipv4.s_addr;
- strcpy(arpreq.arp_dev, interface->interface); + strncpy(arpreq.arp_dev, interface->interface, sizeof(arpreq.arp_dev)); + arpreq.arp_dev[sizeof(arpreq.arp_dev) - 1] = '\0'; + if (ioctl(interface->netsock, SIOCGARP, &arpreq) < 0) return -1;