coverity: ifr_name buffer not NULL terminated

The kernel (net/core/dev_ioctl.c:dev_ioctl()) is going to NULL terminate this name after the copy-in of the ifr, so even though this is a fixed sized array the last byte isn't usable as part of the name. All the ioctls we're using go through this code path. Use the ifr name in the DEBUG message in case it was possibly truncated. Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

coverity: ifr_name buffer not NULL terminated
5da6aa8c · Dwight Engen · Serge Hallyn · e853a32d · 5da6aa8c · 5da6aa8c
Commit 5da6aa8c authored Oct 29, 2013 by Dwight Engen Committed by Serge Hallyn Oct 29, 2013
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 3 deletions

conf.c src/lxc/conf.c +2 -1

lxc_user_nic.c src/lxc/lxc_user_nic.c +2 -1

network.c src/lxc/network.c +2 -1

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2059,6 +2059,7 @@ static int setup_hw_addr(char *hwaddr, const char *ifname)
 	}
 	memcpy(ifr.ifr_name, ifname, IFNAMSIZ);
+	ifr.ifr_name[IFNAMSIZ-1] = '\0';
 	memcpy((char *) &ifr.ifr_hwaddr, (char *) &sockaddr, sizeof(sockaddr));
 	process_lock();
@@ -2076,7 +2077,7 @@ static int setup_hw_addr(char *hwaddr, const char *ifname)
 	if (ret)
 		ERROR("ioctl failure : %s", strerror(errno));
-	DEBUG("mac address '%s' on '%s' has been setup", hwaddr, ifname);
+	DEBUG("mac address '%s' on '%s' has been setup", hwaddr, ifr.ifr_name);
 	return ret;
 }

--- a/src/lxc/lxc_user_nic.c
+++ b/src/lxc/lxc_user_nic.c
@@ -473,7 +473,8 @@ int lxc_bridge_attach(const char *bridge, const char *ifname)
 	if (fd < 0)
 		return -errno;
-	strncpy(ifr.ifr_name, bridge, IFNAMSIZ);
+	strncpy(ifr.ifr_name, bridge, IFNAMSIZ-1);
+	ifr.ifr_name[IFNAMSIZ-1] = '\0';
 	ifr.ifr_ifindex = index;
 	err = ioctl(fd, SIOCBRADDIF, &ifr);
 	close(fd);

--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -1009,7 +1009,8 @@ int lxc_bridge_attach(const char *bridge, const char *ifname)
 	if (fd < 0)
 		return -errno;
-	strncpy(ifr.ifr_name, bridge, IFNAMSIZ);
+	strncpy(ifr.ifr_name, bridge, IFNAMSIZ-1);
+	ifr.ifr_name[IFNAMSIZ-1] = '\0';
 	ifr.ifr_ifindex = index;
 	err = ioctl(fd, SIOCBRADDIF, &ifr);
 	process_lock();