[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings
From: |
Joan Lledó |
Subject: |
Re: [PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings |
Date: |
Tue, 14 Aug 2018 18:17:28 +0200 |
Missatge de Samuel Thibault <samuel.thibault@gnu.org> del dia dt., 14
d’ag. 2018 a les 9:34:
> > - strncpy (in->dev_name, arg, DEV_NAME_LEN);
> > + strncpy (in->dev_name, arg, sizeof(in->dev_name)-1);
>
> Mmm, but if arg is longer than the given size and doesn't contain a \0,
> in->dev_name will not contain one either?
>
No, b/c at most sizeof(in->dev_name)-1 bytes from arg will be copied,
leaving the last byte in in->dev_name unwritten, which always will be
equal to zero as it's initialized in parse_hook_add_interface().
> > strncpy (ifr->ifr_name, netif_get_state (netif)->devname,
> > - strlen (netif_get_state (netif)->devname) + 1);
> > + sizeof (ifr->ifr_name)-1);
>
> Similarly.
Same here, the last byte is never written and is initialized to \0 in
the previous line.