author | Ralf Baechle <ralf@linux-mips.org> | 2021-07-27 20:37:43 +0200 |
---|---|---|
committer | Ralf Baechle <ralf@linux-mips.org> | 2021-07-27 20:43:32 +0200 |
commit | b86ad2b7a9004b52de563c0add7616ac4056840e (patch) | |
tree | 1c87e11a6f9a0307ef8335b6784a21679b36fe18 | |
parent | e28aef2c38b8dc0574cfe6b9d02c36920a1b87b9 (diff) |
rxecho: Increase space allocated for network interface name to IFNAMSIZ.

The previous hardcoded value was ok when used with the old SOCK_PACKET
which was truncating network interface names to 14 bytes anyway. When
support for the new-fangled PF_PACKET was added this became a bug.
While technically a buffer overflow it is something that could only be
exploited by root himself. Even more, due to alignment rules used by all
Linux architectures the two bytes following the overflowed arrays would
be unused anyway because an int is following, so this would actually end
up working as intended, not as coded.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Fixes: 5415c1237782
-rw-r--r-- | ax25/rxecho.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ax25/rxecho.c b/ax25/rxecho.c index 79204ee..42df57f 100644 --- a/ax25/rxecho.c +++ b/ax25/rxecho.c @@ -87,9 +87,9 @@ #define MAXCALLS 8 struct config { - char from[14]; /* sockaddr.sa_data is 14 bytes */ + char from[IFNAMSIZ]; int from_idx; - char to[14]; + char to[IFNAMSIZ]; int to_idx; ax25_address calls[MAXCALLS];/* list of calls to echo */ int ncalls; /* number of calls to echo */ |
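Review bot: The new `char from[IFNAMSIZ];` and `char to[IFNAMSIZ];` members in struct config only close the overflow if every place that copies an interface name into them is bounded by the destination size; those copy sites are not part of this hunk, so please confirm they use sizeof() on the member (with guaranteed NUL termination) and that no leftover literal 14 limits or mis-sizes the copy. The removed comment `/* sockaddr.sa_data is 14 bytes */` documented why the old size was chosen and nothing replaces it; a short comment on the new lines saying the fields hold a kernel interface name including its terminating NUL would keep that intent visible. The diffstat shows only these two insertions, so the header that defines IFNAMSIZ must already be included in rxecho.c; worth a quick check that it is included directly rather than pulled in by accident through another header.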