From: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Fri, 29 Jun 2018 15:32:23 +0000 (+0200)
Subject: Check length of ifname before copying it into to ifreq structure.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=74d16a57a3615fcf05e5c60cb5a8f25e8acf38b9;p=thirdparty%2Fglibc.git

Check length of ifname before copying it into to ifreq structure.

	[BZ #22442]
	* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
	Check if ifname is too long.

(cherry picked from commit 2180fee114b778515b3f560e5ff1e795282e60b0)
---

diff --git a/ChangeLog b/ChangeLog
index c502aceddb3..7ecc33e61d9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2017-11-15  Steve Ellcey  <sellcey@cavium.com>
+
+	[BZ #22442]
+	* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
+	Check if ifname is too long.
+
 2018-06-29  Daniel Alvarez  <dalvarez@redhat.com>
 	    Jakub Sitnicki  <jkbs@redhat.com>
 
diff --git a/NEWS b/NEWS
index db43d87ee01..48d28e166af 100644
--- a/NEWS
+++ b/NEWS
@@ -120,6 +120,7 @@ The following bugs are resolved with this release:
   [22299] x86-64: Don't set GLRO(dl_platform) to NULL
   [22320] glob: Fix one-byte overflow (CVE-2017-15670)
   [22321] sysconf: Fix missing definition of UIO_MAXIOV on Linux
+  [22442] if_nametoindex: Check length of ifname before copying it
   [22322] libc: [mips64] wrong bits/long-double.h installed
   [22325] glibc: Memory leak in glob with GLOB_TILDE (CVE-2017-15671)
   [22342] NSCD not properly caching netgroup
diff --git a/sysdeps/unix/sysv/linux/if_index.c b/sysdeps/unix/sysv/linux/if_index.c
index 8ba5eae7818..a874634d526 100644
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -43,6 +43,12 @@ __if_nametoindex (const char *ifname)
   if (fd < 0)
     return 0;
 
+  if (strlen (ifname) >= IFNAMSIZ)
+    {
+      __set_errno (ENODEV);
+      return 0;
+    }
+
   strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
   if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
     {