From 74d16a57a3615fcf05e5c60cb5a8f25e8acf38b9 Mon Sep 17 00:00:00 2001 From: Steve Ellcey Date: Fri, 29 Jun 2018 17:32:23 +0200 Subject: [PATCH] Check length of ifname before copying it into to ifreq structure. [BZ #22442] * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): Check if ifname is too long. (cherry picked from commit 2180fee114b778515b3f560e5ff1e795282e60b0) --- ChangeLog | 6 ++++++ NEWS | 1 + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ 3 files changed, 13 insertions(+) diff --git a/ChangeLog b/ChangeLog index c502aceddb3..7ecc33e61d9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2017-11-15 Steve Ellcey + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + 2018-06-29 Daniel Alvarez Jakub Sitnicki diff --git a/NEWS b/NEWS index db43d87ee01..48d28e166af 100644 --- a/NEWS +++ b/NEWS @@ -120,6 +120,7 @@ The following bugs are resolved with this release: [22299] x86-64: Don't set GLRO(dl_platform) to NULL [22320] glob: Fix one-byte overflow (CVE-2017-15670) [22321] sysconf: Fix missing definition of UIO_MAXIOV on Linux + [22442] if_nametoindex: Check length of ifname before copying it [22322] libc: [mips64] wrong bits/long-double.h installed [22325] glibc: Memory leak in glob with GLOB_TILDE (CVE-2017-15671) [22342] NSCD not properly caching netgroup diff --git a/sysdeps/unix/sysv/linux/if_index.c b/sysdeps/unix/sysv/linux/if_index.c index 8ba5eae7818..a874634d526 100644 --- a/sysdeps/unix/sysv/linux/if_index.c +++ b/sysdeps/unix/sysv/linux/if_index.c @@ -43,6 +43,12 @@ __if_nametoindex (const char *ifname) if (fd < 0) return 0; + if (strlen (ifname) >= IFNAMSIZ) + { + __set_errno (ENODEV); + return 0; + } + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) { -- 2.47.2