From 4a01250ed10e676573c21c143c958d61c2f7994e Mon Sep 17 00:00:00 2001 From: truckman Date: Fri, 20 May 2016 07:14:03 +0000 Subject: [PATCH] MFC r299873 Use strlcpy() instead of strncpy() when copying ifname to ensure that it is NUL terminated. Additional NUL padding is not required for short names. Use sizeof(destination) in a few places instead of IFNAMSIZ. Cast afp->af_ridreq and afp->af_addreq to make the intent of the code more obvious. Reported by: Coverity CID: 1009628, 1009630, 1009631, 1009632, 1009633, 1009635, 1009638 CID: 1009639, 1009640, 1009641, 1009642, 1009643, 1009644, 1009645 CID: 1009646, 1009647, 1010049, 1010050, 1010051, 1010052, 1010053 CID: 1010054, 1011293, 1011294, 1011295, 1011296, 1011297, 1011298 CID: 1011299, 1305821, 1351720, 1351721 git-svn-id: svn://svn.freebsd.org/base/stable/10@300285 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- sbin/ifconfig/af_inet.c | 4 ++-- sbin/ifconfig/af_inet6.c | 6 +++--- sbin/ifconfig/af_nd6.c | 8 ++++---- sbin/ifconfig/ifclone.c | 2 +- sbin/ifconfig/ifconfig.c | 22 ++++++++++++---------- sbin/ifconfig/iffib.c | 8 ++++---- sbin/ifconfig/ifgre.c | 2 +- sbin/ifconfig/ifieee80211.c | 12 ++++++------ sbin/ifconfig/ifmac.c | 4 ++-- sbin/ifconfig/ifmedia.c | 12 ++++++------ 10 files changed, 41 insertions(+), 39 deletions(-) diff --git a/sbin/ifconfig/af_inet.c b/sbin/ifconfig/af_inet.c index e55aa88d0..7f0052565 100644 --- a/sbin/ifconfig/af_inet.c +++ b/sbin/ifconfig/af_inet.c @@ -152,7 +152,7 @@ in_status_tunnel(int s) const struct sockaddr *sa = (const struct sockaddr *) &ifr.ifr_addr; memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_name, name, IFNAMSIZ); + strlcpy(ifr.ifr_name, name, IFNAMSIZ); if (ioctl(s, SIOCGIFPSRCADDR, (caddr_t)&ifr) < 0) return; @@ -177,7 +177,7 @@ in_set_tunnel(int s, struct addrinfo *srcres, struct addrinfo *dstres) struct in_aliasreq addreq; memset(&addreq, 0, sizeof(addreq)); - strncpy(addreq.ifra_name, name, IFNAMSIZ); + strlcpy(addreq.ifra_name, name, IFNAMSIZ); memcpy(&addreq.ifra_addr, srcres->ai_addr, srcres->ai_addr->sa_len); memcpy(&addreq.ifra_dstaddr, dstres->ai_addr, dstres->ai_addr->sa_len); diff --git a/sbin/ifconfig/af_inet6.c b/sbin/ifconfig/af_inet6.c index b4ff943fd..f24643b14 100644 --- a/sbin/ifconfig/af_inet6.c +++ b/sbin/ifconfig/af_inet6.c @@ -185,7 +185,7 @@ in6_status(int s __unused, const struct ifaddrs *ifa) if (sin == NULL) return; - strncpy(ifr6.ifr_name, ifr.ifr_name, sizeof(ifr.ifr_name)); + strlcpy(ifr6.ifr_name, ifr.ifr_name, sizeof(ifr.ifr_name)); if ((s6 = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) { warn("socket(AF_INET6,SOCK_DGRAM)"); return; @@ -422,7 +422,7 @@ in6_status_tunnel(int s) const struct sockaddr *sa = (const struct sockaddr *) &in6_ifr.ifr_addr; memset(&in6_ifr, 0, sizeof(in6_ifr)); - strncpy(in6_ifr.ifr_name, name, IFNAMSIZ); + strlcpy(in6_ifr.ifr_name, name, sizeof(in6_ifr.ifr_name)); if (ioctl(s, SIOCGIFPSRCADDR_IN6, (caddr_t)&in6_ifr) < 0) return; @@ -449,7 +449,7 @@ in6_set_tunnel(int s, struct addrinfo *srcres, struct addrinfo *dstres) struct in6_aliasreq in6_addreq; memset(&in6_addreq, 0, sizeof(in6_addreq)); - strncpy(in6_addreq.ifra_name, name, IFNAMSIZ); + strlcpy(in6_addreq.ifra_name, name, sizeof(in6_addreq.ifra_name)); memcpy(&in6_addreq.ifra_addr, srcres->ai_addr, srcres->ai_addr->sa_len); memcpy(&in6_addreq.ifra_dstaddr, dstres->ai_addr, dstres->ai_addr->sa_len); diff --git a/sbin/ifconfig/af_nd6.c b/sbin/ifconfig/af_nd6.c index 3a510a557..ea1eaa0de 100644 --- a/sbin/ifconfig/af_nd6.c +++ b/sbin/ifconfig/af_nd6.c @@ -75,7 +75,7 @@ setnd6flags(const char *dummyaddr __unused, int error; memset(&nd, 0, sizeof(nd)); - strncpy(nd.ifname, ifr.ifr_name, sizeof(nd.ifname)); + strlcpy(nd.ifname, ifr.ifr_name, sizeof(nd.ifname)); error = ioctl(s, SIOCGIFINFO_IN6, &nd); if (error) { warn("ioctl(SIOCGIFINFO_IN6)"); @@ -100,7 +100,7 @@ setnd6defif(const char *dummyaddr __unused, int error; memset(&ndifreq, 0, sizeof(ndifreq)); - strncpy(ndifreq.ifname, ifr.ifr_name, sizeof(ndifreq.ifname)); + strlcpy(ndifreq.ifname, ifr.ifr_name, sizeof(ndifreq.ifname)); if (d < 0) { if (isnd6defif(s)) { @@ -127,7 +127,7 @@ isnd6defif(int s) int error; memset(&ndifreq, 0, sizeof(ndifreq)); - strncpy(ndifreq.ifname, ifr.ifr_name, sizeof(ndifreq.ifname)); + strlcpy(ndifreq.ifname, ifr.ifr_name, sizeof(ndifreq.ifname)); ifindex = if_nametoindex(ndifreq.ifname); error = ioctl(s, SIOCGDEFIFACE_IN6, (caddr_t)&ndifreq); @@ -147,7 +147,7 @@ nd6_status(int s) int isdefif; memset(&nd, 0, sizeof(nd)); - strncpy(nd.ifname, ifr.ifr_name, sizeof(nd.ifname)); + strlcpy(nd.ifname, ifr.ifr_name, sizeof(nd.ifname)); if ((s6 = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) { if (errno != EAFNOSUPPORT && errno != EPROTONOSUPPORT) warn("socket(AF_INET6, SOCK_DGRAM)"); diff --git a/sbin/ifconfig/ifclone.c b/sbin/ifconfig/ifclone.c index 0eda4380d..530f5c194 100644 --- a/sbin/ifconfig/ifclone.c +++ b/sbin/ifconfig/ifclone.c @@ -162,7 +162,7 @@ DECL_CMD_FUNC(clone_create, arg, d) static DECL_CMD_FUNC(clone_destroy, arg, d) { - (void) strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + (void) strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); if (ioctl(s, SIOCIFDESTROY, &ifr) < 0) err(1, "SIOCIFDESTROY"); } diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c index 47b75c3ab..a374f0933 100644 --- a/sbin/ifconfig/ifconfig.c +++ b/sbin/ifconfig/ifconfig.c @@ -304,7 +304,7 @@ main(int argc, char *argv[]) ifindex = 0; for (ifa = ifap; ifa; ifa = ifa->ifa_next) { memset(&paifr, 0, sizeof(paifr)); - strncpy(paifr.ifr_name, ifa->ifa_name, sizeof(paifr.ifr_name)); + strlcpy(paifr.ifr_name, ifa->ifa_name, sizeof(paifr.ifr_name)); if (sizeof(paifr.ifr_addr) >= ifa->ifa_addr->sa_len) { memcpy(&paifr.ifr_addr, ifa->ifa_addr, ifa->ifa_addr->sa_len); @@ -502,7 +502,7 @@ ifconfig(int argc, char *const *argv, int iscreate, const struct afswtch *uafp) struct callback *cb; int s; - strncpy(ifr.ifr_name, name, sizeof ifr.ifr_name); + strlcpy(ifr.ifr_name, name, sizeof ifr.ifr_name); afp = NULL; if (uafp != NULL) afp = uafp; @@ -623,7 +623,8 @@ ifconfig(int argc, char *const *argv, int iscreate, const struct afswtch *uafp) } if (clearaddr) { int ret; - strncpy(afp->af_ridreq, name, sizeof ifr.ifr_name); + strlcpy(((struct ifreq *)afp->af_ridreq)->ifr_name, name, + sizeof ifr.ifr_name); ret = ioctl(s, afp->af_difaddr, afp->af_ridreq); if (ret < 0) { if (errno == EADDRNOTAVAIL && (doalias >= 0)) { @@ -640,7 +641,8 @@ ifconfig(int argc, char *const *argv, int iscreate, const struct afswtch *uafp) } } if (newaddr && (setaddr || setmask)) { - strncpy(afp->af_addreq, name, sizeof ifr.ifr_name); + strlcpy(((struct ifreq *)afp->af_addreq)->ifr_name, name, + sizeof ifr.ifr_name); if (ioctl(s, afp->af_aifaddr, afp->af_addreq) < 0) Perror("ioctl (SIOCAIFADDR)"); } @@ -850,7 +852,7 @@ static void setifmetric(const char *val, int dummy __unused, int s, const struct afswtch *afp) { - strncpy(ifr.ifr_name, name, sizeof (ifr.ifr_name)); + strlcpy(ifr.ifr_name, name, sizeof (ifr.ifr_name)); ifr.ifr_metric = atoi(val); if (ioctl(s, SIOCSIFMETRIC, (caddr_t)&ifr) < 0) err(1, "ioctl SIOCSIFMETRIC (set metric)"); @@ -860,7 +862,7 @@ static void setifmtu(const char *val, int dummy __unused, int s, const struct afswtch *afp) { - strncpy(ifr.ifr_name, name, sizeof (ifr.ifr_name)); + strlcpy(ifr.ifr_name, name, sizeof (ifr.ifr_name)); ifr.ifr_mtu = atoi(val); if (ioctl(s, SIOCSIFMTU, (caddr_t)&ifr) < 0) err(1, "ioctl SIOCSIFMTU (set mtu)"); @@ -872,7 +874,7 @@ setifname(const char *val, int dummy __unused, int s, { char *newname; - strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); newname = strdup(val); if (newname == NULL) @@ -894,7 +896,7 @@ setifdescr(const char *val, int dummy __unused, int s, { char *newdescr; - strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); ifr.ifr_buffer.length = strlen(val) + 1; if (ifr.ifr_buffer.length == 1) { @@ -954,7 +956,7 @@ status(const struct afswtch *afp, const struct sockaddr_dl *sdl, ifr.ifr_addr.sa_family = afp->af_af == AF_LINK ? AF_LOCAL : afp->af_af; } - strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); s = socket(ifr.ifr_addr.sa_family, SOCK_DGRAM, 0); if (s < 0) @@ -1036,7 +1038,7 @@ status(const struct afswtch *afp, const struct sockaddr_dl *sdl, else if (afp->af_other_status != NULL) afp->af_other_status(s); - strncpy(ifs.ifs_name, name, sizeof ifs.ifs_name); + strlcpy(ifs.ifs_name, name, sizeof ifs.ifs_name); if (ioctl(s, SIOCGIFSTATUS, &ifs) == 0) printf("%s", ifs.ascii); diff --git a/sbin/ifconfig/iffib.c b/sbin/ifconfig/iffib.c index f54eab720..192194823 100644 --- a/sbin/ifconfig/iffib.c +++ b/sbin/ifconfig/iffib.c @@ -49,13 +49,13 @@ fib_status(int s) struct ifreq ifr; memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); if (ioctl(s, SIOCGIFFIB, (caddr_t)&ifr) == 0 && ifr.ifr_fib != RT_DEFAULT_FIB) printf("\tfib: %u\n", ifr.ifr_fib); memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); if (ioctl(s, SIOCGTUNFIB, (caddr_t)&ifr) == 0 && ifr.ifr_fib != RT_DEFAULT_FIB) printf("\ttunnelfib: %u\n", ifr.ifr_fib); @@ -74,7 +74,7 @@ setiffib(const char *val, int dummy __unused, int s, return; } - strncpy(ifr.ifr_name, name, sizeof (ifr.ifr_name)); + strlcpy(ifr.ifr_name, name, sizeof (ifr.ifr_name)); ifr.ifr_fib = fib; if (ioctl(s, SIOCSIFFIB, (caddr_t)&ifr) < 0) warn("ioctl (SIOCSIFFIB)"); @@ -93,7 +93,7 @@ settunfib(const char *val, int dummy __unused, int s, return; } - strncpy(ifr.ifr_name, name, sizeof (ifr.ifr_name)); + strlcpy(ifr.ifr_name, name, sizeof (ifr.ifr_name)); ifr.ifr_fib = fib; if (ioctl(s, SIOCSTUNFIB, (caddr_t)&ifr) < 0) warn("ioctl (SIOCSTUNFIB)"); diff --git a/sbin/ifconfig/ifgre.c b/sbin/ifconfig/ifgre.c index 98d1bf608..36896785a 100644 --- a/sbin/ifconfig/ifgre.c +++ b/sbin/ifconfig/ifgre.c @@ -68,7 +68,7 @@ setifgrekey(const char *val, int dummy __unused, int s, { uint32_t grekey = strtol(val, NULL, 0); - strncpy(ifr.ifr_name, name, sizeof (ifr.ifr_name)); + strlcpy(ifr.ifr_name, name, sizeof (ifr.ifr_name)); ifr.ifr_data = (caddr_t)&grekey; if (ioctl(s, GRESKEY, (caddr_t)&ifr) < 0) warn("ioctl (set grekey)"); diff --git a/sbin/ifconfig/ifieee80211.c b/sbin/ifconfig/ifieee80211.c index 034d57869..1103215f1 100644 --- a/sbin/ifconfig/ifieee80211.c +++ b/sbin/ifconfig/ifieee80211.c @@ -3239,7 +3239,7 @@ scan_and_wait(int s) return; } (void) memset(&ireq, 0, sizeof(ireq)); - (void) strncpy(ireq.i_name, name, sizeof(ireq.i_name)); + (void) strlcpy(ireq.i_name, name, sizeof(ireq.i_name)); ireq.i_type = IEEE80211_IOC_SCAN_REQ; memset(&sr, 0, sizeof(sr)); @@ -3705,7 +3705,7 @@ get80211wme(int s, int param, int ac, int *val) struct ieee80211req ireq; (void) memset(&ireq, 0, sizeof(ireq)); - (void) strncpy(ireq.i_name, name, sizeof(ireq.i_name)); + (void) strlcpy(ireq.i_name, name, sizeof(ireq.i_name)); ireq.i_type = param; ireq.i_len = ac; if (ioctl(s, SIOCG80211, &ireq) < 0) { @@ -3886,7 +3886,7 @@ list_mac(int s) char c; (void) memset(&ireq, 0, sizeof(ireq)); - (void) strncpy(ireq.i_name, name, sizeof(ireq.i_name)); /* XXX ?? */ + (void) strlcpy(ireq.i_name, name, sizeof(ireq.i_name)); /* XXX ?? */ ireq.i_type = IEEE80211_IOC_MACCMD; ireq.i_val = IEEE80211_MACCMD_POLICY; if (ioctl(s, SIOCG80211, &ireq) < 0) { @@ -3992,7 +3992,7 @@ list_mesh(int s) struct ieee80211req_mesh_route *rt; (void) memset(&ireq, 0, sizeof(ireq)); - (void) strncpy(ireq.i_name, name, sizeof(ireq.i_name)); + (void) strlcpy(ireq.i_name, name, sizeof(ireq.i_name)); ireq.i_type = IEEE80211_IOC_MESH_RTCMD; ireq.i_val = IEEE80211_MESH_RTCMD_LIST; ireq.i_data = &routes; @@ -4074,7 +4074,7 @@ get80211opmode(int s) struct ifmediareq ifmr; (void) memset(&ifmr, 0, sizeof(ifmr)); - (void) strncpy(ifmr.ifm_name, name, sizeof(ifmr.ifm_name)); + (void) strlcpy(ifmr.ifm_name, name, sizeof(ifmr.ifm_name)); if (ioctl(s, SIOCGIFMEDIA, (caddr_t)&ifmr) >= 0) { if (ifmr.ifm_current & IFM_IEEE80211_ADHOC) { @@ -4218,7 +4218,7 @@ getid(int s, int ix, void *data, size_t len, int *plen, int mesh) struct ieee80211req ireq; (void) memset(&ireq, 0, sizeof(ireq)); - (void) strncpy(ireq.i_name, name, sizeof(ireq.i_name)); + (void) strlcpy(ireq.i_name, name, sizeof(ireq.i_name)); ireq.i_type = (!mesh) ? IEEE80211_IOC_SSID : IEEE80211_IOC_MESH_ID; ireq.i_val = ix; ireq.i_data = data; diff --git a/sbin/ifconfig/ifmac.c b/sbin/ifconfig/ifmac.c index a8bef817f..3b171ea0b 100644 --- a/sbin/ifconfig/ifmac.c +++ b/sbin/ifconfig/ifmac.c @@ -57,7 +57,7 @@ maclabel_status(int s) char *label_text; memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); if (mac_prepare_ifnet_label(&label) == -1) return; @@ -90,7 +90,7 @@ setifmaclabel(const char *val, int d, int s, const struct afswtch *rafp) } memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); ifr.ifr_ifru.ifru_data = (void *)label; error = ioctl(s, SIOCSIFMAC, &ifr); diff --git a/sbin/ifconfig/ifmedia.c b/sbin/ifconfig/ifmedia.c index f1c7752cd..c28919350 100644 --- a/sbin/ifconfig/ifmedia.c +++ b/sbin/ifconfig/ifmedia.c @@ -112,7 +112,7 @@ media_status(int s) int xmedia = 1; (void) memset(&ifmr, 0, sizeof(ifmr)); - (void) strncpy(ifmr.ifm_name, name, sizeof(ifmr.ifm_name)); + (void) strlcpy(ifmr.ifm_name, name, sizeof(ifmr.ifm_name)); /* * Check if interface supports extended media types. @@ -213,7 +213,7 @@ ifmedia_getstate(int s) err(1, "malloc"); (void) memset(ifmr, 0, sizeof(struct ifmediareq)); - (void) strncpy(ifmr->ifm_name, name, + (void) strlcpy(ifmr->ifm_name, name, sizeof(ifmr->ifm_name)); ifmr->ifm_count = 0; @@ -287,7 +287,7 @@ setmedia(const char *val, int d, int s, const struct afswtch *afp) */ subtype = get_media_subtype(IFM_TYPE(ifmr->ifm_ulist[0]), val); - strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); ifr.ifr_media = (ifmr->ifm_current & IFM_IMASK) | IFM_TYPE(ifmr->ifm_ulist[0]) | subtype; @@ -319,7 +319,7 @@ domediaopt(const char *val, int clear, int s) options = get_media_options(IFM_TYPE(ifmr->ifm_ulist[0]), val); - strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); ifr.ifr_media = ifmr->ifm_current; if (clear) ifr.ifr_media &= ~options; @@ -346,7 +346,7 @@ setmediainst(const char *val, int d, int s, const struct afswtch *afp) if (inst < 0 || inst > (int)IFM_INST_MAX) errx(1, "invalid media instance: %s", val); - strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); ifr.ifr_media = (ifmr->ifm_current & ~IFM_IMASK) | inst << IFM_ISHIFT; ifmr->ifm_current = ifr.ifr_media; @@ -363,7 +363,7 @@ setmediamode(const char *val, int d, int s, const struct afswtch *afp) mode = get_media_mode(IFM_TYPE(ifmr->ifm_ulist[0]), val); - strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); ifr.ifr_media = (ifmr->ifm_current & ~IFM_MMASK) | mode; ifmr->ifm_current = ifr.ifr_media; -- 2.45.0