
Re: Q:How can I determine if an if is up in C/C++ only?



On Fri, 15 Dec 2000, mulix wrote:

> >  strcpy(ifr.ifr_name, argv[1]);
>
> this is broken. ifr.ifr_name is a char array of size IFNAMSIZ (which is
> defined to 16 in net/if.h- not a very long buffer). if the user supplies
> a long enough argv[1], you have your classic buffer overflow here,
> easily overwriting EIP.

I guess Gilad just meant for a test program here.

> you want to do
>
>    strncpy(ifr.ifr_name, argv[1], IFNAMSIZ-2);

if you fix a broken thing, at least don't break the patch :)   use:

  strncpy(ifr.ifr_name, argv[1], IFNAMSIZ-1);

the buffer is of size IFNAMSIZ, so you copy that much minus 1 for the null
char.

>    ifr.ifr_name[IFNAMSIZ-1] = '\0';

and this is the source of confusion. here the value 'IFNAMSIZ-1' is used
as an index, and previously it was used as a size.

of course, one may argue that it's better to return a 'string too long'
error than to silently trim the string. not to mention an additional check
for argc's value (maybe there was no parameter supplied), etc. etc. etc...

--
guy

"For world domination - press 1,
 or dial 0, and please hold, for the creator." -- nob o. dy

