Fixed Debian Bug #392263 reported by Jochen Voss

(buffer overflow in dev argument processing)

Fixed Debian Bug #392263 reported by Jochen Voss
(buffer overflow in dev argument processing)
4347ec3e · Bernd Eckenfels · e44dfb3d · 4347ec3e
Commit 4347ec3e authored Oct 11, 2006 by Bernd Eckenfels
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 4 deletions

ipmaddr.c ipmaddr.c +7 -4

No files found.
--- a/ipmaddr.c
+++ b/ipmaddr.c
@@ -291,13 +291,15 @@ static void print_mlist(FILE *fp, struct ma_info *list)
 static int multiaddr_list(int argc, char **argv)
 {
 	struct ma_info *list = NULL;
+	size_t l;

 	while (argc > 0) {
 		if (strcmp(*argv, "dev") == 0) {
 			NEXT_ARG();
-			if (filter_dev[0])
+			l = strlen(*argv);
+			if (l <= 0 || l >= sizeof(filter_dev))
 				usage();
-			strcpy(filter_dev, *argv);
+			strncpy(filter_dev, *argv, sizeof (filter_dev));
 		} else if (strcmp(*argv, "all") == 0) {
 			filter_family = AF_UNSPEC;
 		} else if (strcmp(*argv, "ipv4") == 0) {
@@ -307,9 +309,10 @@ static int multiaddr_list(int argc, char **argv)
 		} else if (strcmp(*argv, "link") == 0) {
 			filter_family = AF_PACKET;
 		} else {
-			if (filter_dev[0])
+			l = strlen(*argv);
+			if (l <= 0 || l >= sizeof(filter_dev))
 				usage();
-			strcpy(filter_dev, *argv);
+			strncpy(filter_dev, *argv, sizeof (filter_dev));
 		}
 		argv++; argc--;
 	}