From: Christian Heimes Date: Sun, 9 Sep 2012 23:25:50 +0000 (+0200) Subject: Make sure that *really* no more than sizeof(ifr.ifr_name) chars are strcpy-ed to... X-Git-Tag: v3.3.1rc1~818^2^2~116 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=15b6885fe0ac67a23bbf80f90b1854c3bd7db984;p=python Make sure that *really* no more than sizeof(ifr.ifr_name) chars are strcpy-ed to ifr.ifr_name and that the string is *always* NUL terminated. New code shouldn't use strcpy(), too. CID 719692 --- diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c index 717667454a..d8c81fe156 100644 --- a/Modules/socketmodule.c +++ b/Modules/socketmodule.c @@ -1674,7 +1674,8 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args, if (len == 0) { ifr.ifr_ifindex = 0; } else if (len < sizeof(ifr.ifr_name)) { - strcpy(ifr.ifr_name, PyBytes_AS_STRING(interfaceName)); + strncpy(ifr.ifr_name, PyBytes_AS_STRING(interfaceName), sizeof(ifr.ifr_name)); + ifr.ifr_name[(sizeof(ifr.ifr_name))-1] = '\0'; if (ioctl(s->sock_fd, SIOCGIFINDEX, &ifr) < 0) { s->errorhandler(); Py_DECREF(interfaceName);