author | Skylar Chang <chiaweic@codeaurora.org> | 2017-03-15 18:15:49 -0700 |
---|---|---|
committer | dd3boh <dade.garberi@gmail.com> | 2017-07-12 23:03:43 +0200 |
commit | 569b4a71f087b7629b012c012a0b74b540340230 (patch) | |
tree | 7032e18d7a59583ec13ed3605adc8d3ad079a72f /data-ipa-cfg-mgr/ipacm | |
parent | a6ef1ee0c463cb1682ab4e8bae2062032ddb7a9e (diff) |
IPACM: fix security issue in querying if index
Fix the security issue in ipa_get_if_index() function.
Change-Id: I84d0dc85ae662b8744ae6f380122a096d8670ad0
Signed-off-by: Skylar Chang <chiaweic@codeaurora.org>
Acked-by: Shihuan Liu <shihuanl@qti.qualcomm.com>
Diffstat (limited to 'data-ipa-cfg-mgr/ipacm')
-rw-r--r-- | data-ipa-cfg-mgr/ipacm/src/IPACM_Iface.cpp | 55 |
1 files changed, 31 insertions, 24 deletions
diff --git a/data-ipa-cfg-mgr/ipacm/src/IPACM_Iface.cpp b/data-ipa-cfg-mgr/ipacm/src/IPACM_Iface.cpp
index 84132c9..8c37d80 100644
--- a/data-ipa-cfg-mgr/ipacm/src/IPACM_Iface.cpp
+++ b/data-ipa-cfg-mgr/ipacm/src/IPACM_Iface.cpp
@@ -924,30 +924,37 @@ int IPACM_Iface::ipa_get_if_index
 int * if_index
 )
 {
- int fd;
- struct ifreq ifr;
-
- if((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
- {
- IPACMERR("get interface index socket create failed \n");
- return IPACM_FAILURE;
- }
-
- memset(&ifr, 0, sizeof(struct ifreq));
- (void)strncpy(ifr.ifr_name, if_name, sizeof(ifr.ifr_name));
- IPACMDBG_H("interface name (%s)\n", if_name);
-
- if (ioctl(fd,SIOCGIFINDEX , &ifr) < 0)
- {
- IPACMERR("call_ioctl_on_dev: ioctl failed, interface name (%s):\n", ifr.ifr_name);
- close(fd);
- return IPACM_FAILURE;
- }
-
- *if_index = ifr.ifr_ifindex;
- IPACMDBG_H("Interface index %d\n", *if_index);
- close(fd);
- return IPACM_SUCCESS;
+ int fd;
+ struct ifreq ifr;
+
+ if((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+ {
+ IPACMERR("get interface index socket create failed \n");
+ return IPACM_FAILURE;
+ }
+
+ if(strlen(if_name) >= sizeof(ifr.ifr_name))
+ {
+ IPACMERR("interface name overflows: len %d\n", strlen(if_name));
+ close(fd);
+ return IPACM_FAILURE;
+ }
+
+ memset(&ifr, 0, sizeof(struct ifreq));
+ (void)strlcpy(ifr.ifr_name, if_name, sizeof(ifr.ifr_name));
+ IPACMDBG_H("interface name (%s)\n", if_name);
+
+ if(ioctl(fd,SIOCGIFINDEX , &ifr) < 0)
+ {
+ IPACMERR("call_ioctl_on_dev: ioctl failed, interface name (%s):\n", ifr.ifr_name);
+ close(fd);
+ return IPACM_FAILURE;
+ }
+
+ *if_index = ifr.ifr_ifindex;
+ IPACMDBG_H("Interface index %d\n", *if_index);
+ close(fd);
+ return IPACM_SUCCESS;
 }
 
 void IPACM_Iface::config_ip_type(ipa_ip_type iptype) |
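Review bot: The new rejection branch passes `strlen(if_name)` to a `%d` conversion, but strlen() returns size_t, so on a 64-bit build the argument width does not match the format and the logged length is undefined; assuming IPACMERR forwards to a printf-style formatter, use `IPACMERR("interface name overflows: len %zu\n", strlen(if_name));` or cast the value to int. The length test could also be placed before the socket() call, so that the early return has no descriptor to close. if_name is handed to strlen() and if_index is written through without a NULL test anywhere in the hunk; whether every caller guarantees non-NULL pointers is not visible here, so a leading `if (if_name == NULL || if_index == NULL) return IPACM_FAILURE;` is worth considering. The opening of the ipa_get_if_index parameter list lies above the hunk.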