IPACM: fix the security issue in ConntrackClient

Fix the security issue in IPACM ConntrackClient. Change-Id: Ia586d9916fc6391ffce436fba9b1ceae1220bc48 Signed-off-by: Skylar Chang <chiaweic@codeaurora.org> Acked-by: Shihuan Liu <shihuanl@qti.qualcomm.com>
author: Skylar Chang <chiaweic@codeaurora.org> 2017-03-15 18:34:26 -0700
committer: dd3boh <dade.garberi@gmail.com> 2017-07-12 23:03:43 +0200
commit: 9ba23532546ecf68c4eecee4ec9a0e9a38f23ae2 (patch)
tree: a2f0f4104907f45b74822db465c3b0d8ce8b973a /data-ipa-cfg-mgr
parent: 569b4a71f087b7629b012c012a0b74b540340230 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/data-ipa-cfg-mgr/ipacm/src/IPACM_ConntrackClient.cpp b/data-ipa-cfg-mgr/ipacm/src/IPACM_ConntrackClient.cpp
index 146cedb..23724fd 100644
--- a/data-ipa-cfg-mgr/ipacm/src/IPACM_ConntrackClient.cpp
+++ b/data-ipa-cfg-mgr/ipacm/src/IPACM_ConntrackClient.cpp
@@ -169,10 +169,18 @@ int IPACM_ConntrackClient::IPA_Conntrack_Filters_Ignore_Bridge_Addrs
 	uint32_t ipv4_addr;
 	struct ifreq ifr;
 
+	if(strlen(IPACM_Iface::ipacmcfg->ipa_virtual_iface_name) >= sizeof(ifr.ifr_name))
+	{
+		IPACMERR("interface name overflows: len %d\n",
+			strlen(IPACM_Iface::ipacmcfg->ipa_virtual_iface_name));
+		close(fd);
+		return -1;
+	}
+
 	/* retrieve bridge interface ipv4 address */
 	memset(&ifr, 0, sizeof(struct ifreq));
 	ifr.ifr_addr.sa_family = AF_INET;
-	(void)strncpy(ifr.ifr_name, IPACM_Iface::ipacmcfg->ipa_virtual_iface_name, sizeof(ifr.ifr_name));
+	(void)strlcpy(ifr.ifr_name, IPACM_Iface::ipacmcfg->ipa_virtual_iface_name, sizeof(ifr.ifr_name));
 	IPACMDBG("bridge interface name (%s)\n", ifr.ifr_name);
 
 	ret = ioctl(fd, SIOCGIFADDR, &ifr);
author	Skylar Chang <chiaweic@codeaurora.org>	2017-03-15 18:34:26 -0700
committer	dd3boh <dade.garberi@gmail.com>	2017-07-12 23:03:43 +0200
commit	9ba23532546ecf68c4eecee4ec9a0e9a38f23ae2 (patch)
tree	a2f0f4104907f45b74822db465c3b0d8ce8b973a /data-ipa-cfg-mgr
parent	569b4a71f087b7629b012c012a0b74b540340230 (diff)