From: Guilherme Maciel Ferreira
Date: Sat, 6 Aug 2011 17:52:07 +0000 (-0300)
Subject: Validates the ifr.ifr_name buffer size before copy (Thomas's advice)
X-Git-Tag: v1.1^2~28
X-Git-Url: http://developer.intra2net.com/git/?a=commitdiff_plain;h=0aea66bd756d2df11c8a3b3b0050d7b70ef74d8f;p=pingcheck

Validates the ifr.ifr_name buffer size before copy (Thomas's advice)
---
diff --git a/src/tcp/tcppinger.cpp b/src/tcp/tcppinger.cpp
index 494a87a..c35655b 100644
--- a/src/tcp/tcppinger.cpp
+++ b/src/tcp/tcppinger.cpp
@@ -118,15 +118,28 @@ uint32_t TcpPinger::get_source_address()
 {
 struct ifreq ifr;
 memset( &ifr, 0, sizeof(ifr) );
- strcpy( ifr.ifr_name, SourceNetworkInterfaceName.c_str() );
- ifr.ifr_addr.sa_family = AF_INET;
- int ioctl_resp = ioctl( Socket.native(), SIOCGIFADDR, &ifr );
- if ( ioctl_resp == 0)
+
+ // make sure the ifr.ifr_name has enough room to receive the network
+ // interface name
+ size_t network_interface_name_limit = sizeof(ifr.ifr_name);
+ if ( network_interface_name_limit > SourceNetworkInterfaceName.size() )
+ {
+ strncpy( ifr.ifr_name, SourceNetworkInterfaceName.c_str(), network_interface_name_limit );
+ ifr.ifr_addr.sa_family = AF_INET;
+
+ int ioctl_resp = ioctl( Socket.native(), SIOCGIFADDR, &ifr );
+ if ( ioctl_resp == 0)
+ {
+ return ((uint32_t) ifr.ifr_addr.sa_data[2] & 0xFF) << 24 |
+ ((uint32_t) ifr.ifr_addr.sa_data[3] & 0xFF) << 16 |
+ ((uint32_t) ifr.ifr_addr.sa_data[4] & 0xFF) << 8 |
+ ((uint32_t) ifr.ifr_addr.sa_data[5] & 0xFF);
+ }
+ }
+ else
 {
- return ((uint32_t) ifr.ifr_addr.sa_data[2] & 0xFF) << 24 |
- ((uint32_t) ifr.ifr_addr.sa_data[3] & 0xFF) << 16 |
- ((uint32_t) ifr.ifr_addr.sa_data[4] & 0xFF) << 8 |
- ((uint32_t) ifr.ifr_addr.sa_data[5] & 0xFF);
+ GlobalLogger.error() << "Error: network interface name truncated"
+ << endl;
 }
 
 return 0;
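Review bot: A failed `ioctl( Socket.native(), SIOCGIFADDR, &ifr )` in the new block still falls through to `return 0;` without any log, so a missing interface or one with no IPv4 address is indistinguishable from the over-long-name case and from a genuine 0.0.0.0 result. Add an `else` to `if ( ioctl_resp == 0)` that reports it, for example `GlobalLogger.error() << "Error: could not get address of " << SourceNetworkInterfaceName << ": " << strerror( errno ) << endl;`, assuming `<cerrno>` is or can be included, since the include block is outside the hunk. The length-check message says the name was "truncated", but nothing is copied on that path; `"Error: network interface name too long"` describes it better, ideally with the name appended. The length check itself is sound: because the name is strictly shorter than `sizeof(ifr.ifr_name)`, `strncpy` always leaves a terminating NUL. The function's closing brace is outside the hunk.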