]> granicus.if.org Git - strace/commitdiff
projects / strace / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 22e34b9)
sock: fix decoding of struct ifreq.ifr_name
authorMike Frysinger <vapier@gentoo.org>
Tue, 21 Oct 2014 12:34:08 +0000 (08:34 -0400)
committerDmitry V. Levin <ldv@altlinux.org>
Fri, 31 Oct 2014 15:17:31 +0000 (15:17 +0000)
The ifr name fields of the ifreq structure might not be NUL terminated.
If the user makes an ioctl call where they aren't, then strace ends up
reading random content from its own stack.  Limit the printf lengths.

* sock.c (sock_ioctl): Add explicit length limits to ifr_name printfs.

sock.c patch | blob | history

diff --git a/sock.c b/sock.c
index dca9bfd4713a45857c1391e011bc90d1bdfefaf4..d04e833020e771a667135025ab51e56401729a23 100644 (file)
--- a/sock.c
+++ b/sock.c
@@ -131,12 +131,14 @@ sock_ioctl(struct tcb *tcp, long code, long arg)
                        if (code == SIOCGIFNAME || code == SIOCSIFNAME)
                                tprintf(", {ifr_index=%d, ifr_name=???}", ifr.ifr_ifindex);
                        else
-                               tprintf(", {ifr_name=\"%s\", ???}", ifr.ifr_name);
+                               tprintf(", {ifr_name=\"%.*s\", ???}",
+                                       IFNAMSIZ, ifr.ifr_name);
                } else if (code == SIOCGIFNAME || code == SIOCSIFNAME)
-                       tprintf(", {ifr_index=%d, ifr_name=\"%s\"}",
-                               ifr.ifr_ifindex, ifr.ifr_name);
+                       tprintf(", {ifr_index=%d, ifr_name=\"%.*s\"}",
+                               ifr.ifr_ifindex, IFNAMSIZ, ifr.ifr_name);
                else {
-                       tprintf(", {ifr_name=\"%s\", ", ifr.ifr_name);
+                       tprintf(", {ifr_name=\"%.*s\", ",
+                               IFNAMSIZ, ifr.ifr_name);
                        switch (code) {
                        case SIOCGIFINDEX:
                                tprintf("ifr_index=%d", ifr.ifr_ifindex);
@@ -237,8 +239,8 @@ sock_ioctl(struct tcb *tcp, long code, long arg)
                        for (i = 0; i < nifra; ++i ) {
                                if (i > 0)
                                        tprints(", ");
-                               tprintf("{\"%s\", {",
-                                       ifra[i].ifr_name);
+                               tprintf("{\"%.*s\", {",
+                                       IFNAMSIZ, ifra[i].ifr_name);
                                if (verbose(tcp)) {
                                        printxval(addrfams,
                                                  ifra[i].ifr_addr.sa_family,
Unnamed repository; edit this file 'description' to name the repository.