Fix overlapping buffers passed to strncpy which is UB. format_host_rta_r writes
to the buffer passed to it, so hostname (derived from b1) & b1 partly overlap.
This gets worse with sys-libs/glibc-2.37 where the ip route output can be truncated,
but it was UB anyway and you can see it occurring w/ glibc-2.36.
Bug: https://lore.kernel.org/netdev/
0011AC38-4823-4D0A-8580-
B108D08959C2@gentoo.org/T/#u
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30112
Thanks-to: Doug Freed <dwfreed@mtu.edu>
Signed-off-by: Sam James <sam@gentoo.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
int ret;
SPRINT_BUF(b1);
+ SPRINT_BUF(b2);
if (n->nlmsg_type != RTM_NEWROUTE && n->nlmsg_type != RTM_DELROUTE) {
fprintf(stderr, "Not a route: %08x %08x %08x\n",
r->rtm_dst_len);
} else {
const char *hostname = format_host_rta_r(family, tb[RTA_DST],
- b1, sizeof(b1));
+ b2, sizeof(b2));
if (hostname)
strncpy(b1, hostname, sizeof(b1) - 1);
}
r->rtm_src_len);
} else {
const char *hostname = format_host_rta_r(family, tb[RTA_SRC],
- b1, sizeof(b1));
+ b2, sizeof(b2));
if (hostname)
strncpy(b1, hostname, sizeof(b1) - 1);
}
projects / thirdparty / iproute2.git / commitdiff
