On Fri, Jan 27, 2017 at 03:10:44PM +0100, Sven Eckelmann wrote:
> The arpreq.arp_dev is a limited buffer (16 bytes). Avoid that more bytes
> from the interface name are copied into this buffer by switching from
> strcpy to strncpy.
>
> Fixes: c7da798113a2 ("alfred: IPv4 multicast distribution support.")
> Signed-off-by: Sven Eckelmann <s...@narfation.org>
> ---
> util.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/util.c b/util.c
> index 84ab3af..ed83895 100644
> --- a/util.c
> +++ b/util.c
> @@ -92,7 +92,9 @@ int ipv4_arp_request(struct interface *interface, const
> alfred_addr *addr,
> sin->sin_family = AF_INET;
> sin->sin_addr.s_addr = addr->ipv4.s_addr;
>
> - strcpy(arpreq.arp_dev, interface->interface);
> + strncpy(arpreq.arp_dev, interface->interface, sizeof(arpreq.arp_dev));arpreq is already set to 0 few lines above. why not simpling "sizeof(arpreq.arp_dev) - 1" as last argument for the strncpy() and avoid the line below? Or is this required for consistency with the rest of the code? Cheers, -- Antonio Quartulli
signature.asc
Description: Digital signature
