[prev in list] [next in list] [prev in thread] [next in thread] 

List:       busybox
Subject:    =?us-ascii?Q?Re=3A=20=5BPATCH=5D=20ifplugd?=
From:       Maxim Kry¾anovskı <xmaks () email ! cz>
Date:       2010-03-31 10:58:03
Message-ID: 4888.1523.2515-17298-2049233260-1270033083 () email ! cz
[Download RAW message or body]

> Is this safe?
> 
> if (strncmp(G.iface, RTA_DATA(attr), len) == 0)
> 
> What if RTA_DATA(attr) = "if", len = 2, and G.iface = "if0"?
> Or does kernel pass attr with NUL included?
> 
> -- 
> vda
> 
> 
>
 
Yes, it is not safe. It needs to compare their lengths:
int iface_len = strlen(G.iface);
if (iface_len == len && strncmp(G.iface, RTA_DATA(attr), len) == 0)

Attached is a patch. Thanks.
--
max

["=?us-ascii?Q?ifplugd=2Epatch?=" (text/x-patch)]

diff --git a/networking/ifplugd.c b/networking/ifplugd.c
index f398cca..8e21e7c 100644
--- a/networking/ifplugd.c
+++ b/networking/ifplugd.c
@@ -485,8 +485,10 @@ static smallint detect_link(void)
 
 static NOINLINE int check_existence_through_netlink(void)
 {
+	int iface_len;
 	char replybuf[1024];
 
+	iface_len = strlen(G.iface);
 	while (1) {
 		struct nlmsghdr *mhdr;
 		ssize_t bytes;
@@ -527,7 +529,9 @@ static NOINLINE int check_existence_through_netlink(void)
 						if (len > IFNAMSIZ)
 							len = IFNAMSIZ;
 
-						if (strncmp(G.iface, RTA_DATA(attr), len) == 0) {
+						if (iface_len == len &&
+						  strncmp(G.iface, RTA_DATA(attr), len) == 0
+						) {
 							G.iface_exists = (mhdr->nlmsg_type == RTM_NEWLINK);
 						}
 					}


_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

[prev in list] [next in list] [prev in thread] [next in thread]