[U-Boot] [PATCH 2/3] sandbox: eth-raw-os.c: Ensure that our interface name is not too long
Tom Rini
trini at konsulko.com
Tue Dec 8 04:26:34 CET 2015
Coverity notes that we do not ensure when we copy ifname we still have
space left to ensure NULL termination. As cannot control the size of
ifr_name we must make sure that our argument will not overflow the
buffer.
Reported-by: Coverity (CID 131094)
Cc: Simon Glass <sjg at chromium.org>
Signed-off-by: Tom Rini <trini at konsulko.com>
---
arch/sandbox/cpu/eth-raw-os.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/sandbox/cpu/eth-raw-os.c b/arch/sandbox/cpu/eth-raw-os.c
index b76a731..528865f 100644
--- a/arch/sandbox/cpu/eth-raw-os.c
+++ b/arch/sandbox/cpu/eth-raw-os.c
@@ -76,6 +76,10 @@ static int _raw_packet_start(const char *ifname, unsigned char *ethmac,
printf("Failed to set promiscuous mode: %d %s\n"
"Falling back to the old \"flags\" way...\n",
errno, strerror(errno));
+ if (strlen(ifname) >= IFNAMSIZ) {
+ printf("Interface name %s is too long.\n", ifname);
+ return -EINVAL;
+ }
strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
if (ioctl(priv->sd, SIOCGIFFLAGS, &ifr) < 0) {
printf("Failed to read flags: %d %s\n", errno,
--
1.7.9.5
More information about the U-Boot
mailing list