Extend the hard-coded interface name length limit in ifdata to the POSIX-compliant maximum length (IFNAMSIZ) when reading from /proc/net/dev.
Witold Baryluk and Bernhard Übelacker reported that interface names longer than 10 characters caused stack smashing of `ifdata`. Extend the hard-coded 10 bytes limitation to IFNAMSIZ. Reported-by: Witold Baryluk <[email protected]> Reported-by: Bernhard Übelacker <[email protected]> Closes: https://bugs.debian.org/1107470 Signed-off-by: Nicolas Schier <[email protected]> --- ifdata.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ifdata.c b/ifdata.c index 6e0bd0b..feeabac 100644 --- a/ifdata.c +++ b/ifdata.c @@ -267,10 +267,13 @@ static void skipline(FILE *fd) { } while (ch != '\n' && ch != EOF); } +#define ___stringify_(x) #x +#define __stringify(x) ___stringify_(x) + struct if_stat *get_stats(const char *iface) { FILE *fd; struct if_stat *ifstat; - char name[10]; + char name[IFNAMSIZ+1]; if (!(ifstat = malloc(sizeof(struct if_stat)))) { perror("malloc"); @@ -289,7 +292,8 @@ struct if_stat *get_stats(const char *iface) { do { int items = fscanf(fd, - " %20[^:]:%llu %llu %llu %llu %llu %llu %llu %llu " + " %" __stringify(IFNAMSIZ) "[^:]:" + "%llu %llu %llu %llu %llu %llu %llu %llu " "%llu %llu %llu %llu %llu %llu %llu %llu", name, &ifstat->in_bytes, &ifstat->in_packets, -- 2.53.0 -- Nicolas
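Review bot: In the first hunk (@@ -267,10 +267,13 @@), the new helper macros `___stringify_` and `__stringify` use identifiers that begin with two underscores, which the C standard reserves for the implementation. Rename them to something in the program's own namespace. The stringified width is also only valid if `IFNAMSIZ` expands to a bare decimal literal, since `#x` pastes whatever the macro expands to straight into the format string. A one-line comment above the macros stating that assumption would help the next reader.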
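Review bot: In the second hunk (@@ -289,7 +292,8 @@), the scan width is now derived from `IFNAMSIZ`, but nothing at the `fscanf` call says that it must stay one less than the size of `name`, which is declared in the other hunk as `char name[IFNAMSIZ+1]`. The removed lines show how this went wrong before: a width of `%20` was written into `char name[10]`. Please add a comment at the format string noting that `%N[` stores up to N characters plus a terminating NUL, so the buffer must be at least N+1 bytes. The commit message would also be more precise if it said the old width of 20 exceeded the 10-byte buffer, rather than describing only a 10-byte limitation.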

