From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 30 Jun 2004 11:48:19 +0000 (+0000)
Subject: passing in a very long interface name could make a buffer overflow
X-Git-Tag: curl-7_12_1~173
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4af08a19f85c577d9b1f2df892c82e34e473f31d;p=thirdparty%2Fcurl.git

passing in a very long interface name could make a buffer overflow
---

diff --git a/lib/if2ip.c b/lib/if2ip.c
index 237d1f7588..b167b8df65 100644
--- a/lib/if2ip.c
+++ b/lib/if2ip.c
@@ -94,8 +94,11 @@ char *Curl_if2ip(const char *interface, char *buf, int buf_size)
   }
   else {
     struct ifreq req;
+    size_t len = strlen(interface);
     memset(&req, 0, sizeof(req));
-    strcpy(req.ifr_name, interface);
+    if(len >= sizeof(req.ifr_name))
+      return NULL; /* this can't be a fine interface name */
+    memcpy(req.ifr_name, interface, len+1);
     req.ifr_addr.sa_family = AF_INET;
 #ifdef	IOCTL_3_ARGS
     if (SYS_ERROR == ioctl(dummy, SIOCGIFADDR, &req)) {