sandbox: eth-raw-os.c: Ensure that our interface name is not too long
authorTom Rini <trini@konsulko.com>
Tue, 8 Dec 2015 03:26:34 +0000 (22:26 -0500)
committerSimon Glass <sjg@chromium.org>
Tue, 12 Jan 2016 17:19:09 +0000 (10:19 -0700)
Coverity notes that we do not ensure when we copy ifname we still have
space left to ensure NULL termination.  As cannot control the size of
ifr_name we must make sure that our argument will not overflow the
buffer.

Reported-by: Coverity (CID 131094)
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
arch/sandbox/cpu/eth-raw-os.c

index b76a7319aeeb762c96a1ef71cfa5e61ed7a2e0e7..528865f5d3fb9df30cb5cd91b0de52866e178684 100644 (file)
@@ -76,6 +76,10 @@ static int _raw_packet_start(const char *ifname, unsigned char *ethmac,
                printf("Failed to set promiscuous mode: %d %s\n"
                       "Falling back to the old \"flags\" way...\n",
                        errno, strerror(errno));
+               if (strlen(ifname) >= IFNAMSIZ) {
+                       printf("Interface name %s is too long.\n", ifname);
+                       return -EINVAL;
+               }
                strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
                if (ioctl(priv->sd, SIOCGIFFLAGS, &ifr) < 0) {
                        printf("Failed to read flags: %d %s\n", errno,