diff options
| author | Nicolas Dichtel <nicolas.dichtel@6wind.com> | 2013-08-12 17:09:59 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2013-08-14 17:43:05 +0200 |
| commit | 6761d7da83b54027be441ec942ca25eecdc58f62 (patch) | |
| tree | 6ee9e9e7766453cb7228a30ddfc76cfc68c7cf99 | |
| parent | 9ae6d793074603a01a0688c58a0dd59e7df02dca (diff) | |
| download | busybox-w32-6761d7da83b54027be441ec942ca25eecdc58f62.tar.gz busybox-w32-6761d7da83b54027be441ec942ca25eecdc58f62.tar.bz2 busybox-w32-6761d7da83b54027be441ec942ca25eecdc58f62.zip | |
networking: fix potential overflow in ife_print6()
devname is used by fscanf to store a string specified by '%20s'.
Extract from the man for the '%s' specifier:
Matches a sequence of non-white-space characters; the next pointer must be a
pointer to character array that is long enough to hold the input sequence and
the terminating null byte ('\0'), which is added automatically. The input
string stops at white space or at the maximum field width, whichever occurs
first.
Hence, the right length is 20 + 1 for the '\0'.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | networking/interface.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/networking/interface.c b/networking/interface.c index 3dc5b3640..bf7d2b1b4 100644 --- a/networking/interface.c +++ b/networking/interface.c | |||
| @@ -874,7 +874,7 @@ static void print_bytes_scaled(unsigned long long ull, const char *end) | |||
| 874 | static void ife_print6(struct interface *ptr) | 874 | static void ife_print6(struct interface *ptr) |
| 875 | { | 875 | { |
| 876 | FILE *f; | 876 | FILE *f; |
| 877 | char addr6[40], devname[20]; | 877 | char addr6[40], devname[21]; |
| 878 | struct sockaddr_in6 sap; | 878 | struct sockaddr_in6 sap; |
| 879 | int plen, scope, dad_status, if_idx; | 879 | int plen, scope, dad_status, if_idx; |
| 880 | char addr6p[8][5]; | 880 | char addr6p[8][5]; |