From: Thomas Markwalder
Date: Fri, 8 Jul 2016 11:39:55 +0000 (-0400)
Subject: [v4_1_esv] Clean up interface name handling during interface discovery
X-Git-Tag: v4_1_esv_r14b1~14
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=41978e68e6df07595bd6fcf9cf980594575400da;p=thirdparty%2Fdhcp.git
[v4_1_esv] Clean up interface name handling during interface discovery
Merges in rt42226.
---
diff --git a/RELNOTES b/RELNOTES
index 031f7cd91..0dc1ae3ca 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -87,6 +87,12 @@ by Eric Young (eay@cryptsoft.com). enabled) prior to offering an abandoned lease to client. [ISC-Bugs #41815]
+- Correct handling of interface names during interface discovery. This
+ addresses an issue where interface names of 15 characters in length
+ could lead to crashes or interface recognition errors during startup
+ of dhcpd, dhclient, and dhcrelay.
+ [ISC-Bugs #42226]
+ Changes since 4.1-ESV-R13b1 - None
diff --git a/common/discover.c b/common/discover.c
index ea5a82b1c..da0c3f81d 100644
--- a/common/discover.c
+++ b/common/discover.c
@@ -332,8 +332,8 @@ next_iface(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
 continue;
 }
- strcpy(info->name, p->lifr_name);
- memset(&info->addr, 0, sizeof(info->addr));
+ memset(info, 0, sizeof(struct iface_info));
+ strncpy(info->name, p->lifr_name, sizeof(info->name) - 1);
 memcpy(&info->addr, &p->lifr_addr, sizeof(p->lifr_addr));
 #if defined(sun) || defined(__linux)
@@ -349,7 +349,7 @@ next_iface(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
 (strncmp(info->name, "dummy", 5) == 0));
 memset(&tmp, 0, sizeof(tmp));
- strcpy(tmp.lifr_name, info->name);
+ strncpy(tmp.lifr_name, info->name, sizeof(tmp.lifr_name) - 1);
 if (ioctl(ifaces->sock, SIOCGLIFFLAGS, &tmp) < 0) {
 log_error("Error getting interface flags for '%s'; %m", p->lifr_name);
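Review bot: In the -332 hunk, `strncpy(info->name, p->lifr_name, sizeof(info->name) - 1)` silently shortens an over-long `lifr_name` instead of overflowing, and no length check is visible in these lines. The shortened name is then copied into `tmp.lifr_name` for the `SIOCGLIFFLAGS` query in the -349 hunk, so the flags could be read for a different interface than the one enumerated. If the lines above the hunk do not already reject such names, a guard before the copy such as `if (strlen(p->lifr_name) >= sizeof(info->name)) { *err = 1; return 0; }` would keep the failure explicit, in line with the "too long" rejection visible in the -664 hunk. The enclosing function starts and ends outside the hunk.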
@@ -664,7 +664,7 @@ next_iface6(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
 log_error("IPv6 interface name '%s' too long", name);
 return 0;
 }
- strcpy(info->name, name);
+ strncpy(info->name, name, sizeof(info->name) - 1);
 #ifdef SKIP_DUMMY_INTERFACES
 } while (strncmp(info->name, "dummy", 5) == 0);
@@ -702,7 +702,7 @@ next_iface6(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
 * Get our flags.
 */
 memset(&tmp, 0, sizeof(tmp));
- strcpy(tmp.ifr_name, name);
+ strncpy(tmp.ifr_name, name, sizeof(tmp.ifr_name) - 1);
 if (ioctl(ifaces->sock, SIOCGIFFLAGS, &tmp) < 0) {
 log_error("Error getting interface flags for '%s'; %m", name);
 *err = 1;
@@ -723,6 +723,7 @@ next_iface6(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
 */
 int
 next_iface(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
+ memset(info, 0, sizeof(struct iface_info));
 if (next_iface4(info, err, ifaces)) {
 return 1;
 }
@@ -815,7 +816,8 @@ next_iface(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
 *err = 1;
 return 0;
 }
- strcpy(info->name, ifaces->next->ifa_name);
+ memset(info, 0, sizeof(struct iface_info));
+ strncpy(info->name, ifaces->next->ifa_name, sizeof(info->name) - 1);
 memcpy(&info->addr, ifaces->next->ifa_addr, ifaces->next->ifa_addr->sa_len);
 info->flags = ifaces->next->ifa_flags;
@@ -984,7 +986,7 @@ discover_interfaces(int state) {
 log_fatal("Error allocating interface %s: %s", info.name, isc_result_totext(status));
 }
- strcpy(tmp->name, info.name);
+ strncpy(tmp->name, info.name, sizeof(tmp->name) - 1);
 interface_snorf(tmp, ir);
 interface_dereference(&tmp, MDL);
 tmp = interfaces; /* XXX */
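Review bot: `strncpy(info->name, name, sizeof(info->name) - 1)` in the -664 hunk never writes the last byte of `info->name`, so termination rests on the buffer having been zeroed elsewhere. The only zeroing visible is the `memset` that the -723 hunk adds at the top of `next_iface()`, before the `next_iface4()` call; nothing at the copy records that dependency, and the path from that `memset` to this copy lies outside the hunks. An explicit `info->name[sizeof(info->name) - 1] = '\0';` after the copy would keep the invariant local. The same holds for `strncpy(tmp->name, info.name, sizeof(tmp->name) - 1)` in the -984 hunk, which relies on `interface_allocate()` returning zeroed storage, not shown here.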
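Review bot: The `memcpy` kept as context right after the new `strncpy` in the -816 hunk still takes its length from `ifaces->next->ifa_addr->sa_len`, with no comparison against `sizeof(info->addr)` in the visible lines. The commit bounds the name copy but leaves this address copy bounded only by the source, so a `sa_len` larger than the destination would write past `info->addr`. Unless a check exists outside the hunk, a guard before the copy such as `if (ifaces->next->ifa_addr->sa_len > sizeof(info->addr)) { *err = 1; return 0; }` would close that gap. The -332 hunk's `memcpy(&info->addr, &p->lifr_addr, sizeof(p->lifr_addr))` is likewise sized by its source; both functions continue past their hunks.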