From b86ad2b7a9004b52de563c0add7616ac4056840e Mon Sep 17 00:00:00 2001 From: Ralf Baechle Date: Tue, 27 Jul 2021 20:37:43 +0200 Subject: rxecho: Increase space allocated for network interface name to IFNAMSIZ. The previous hardcoded value was ok when used with the old SOCK_PACKET which was truncating network interface names to 14 bytes anyway. When support for the new-fangled PF_PACKET was added this became a bug. While technically a buffer overflow it is something that could only be exploited by root himself. Even more, due to alignment rules used by all Linux architectures the two bytes following the overflowed arrays would be unused anyway because an int is following, so this would actually end up working as intended, not as coded. Signed-off-by: Ralf Baechle Fixes: 5415c1237782 --- ax25/rxecho.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ax25/rxecho.c b/ax25/rxecho.c index 79204ee..42df57f 100644 --- a/ax25/rxecho.c +++ b/ax25/rxecho.c @@ -87,9 +87,9 @@ #define MAXCALLS 8 struct config { - char from[14]; /* sockaddr.sa_data is 14 bytes */ + char from[IFNAMSIZ]; int from_idx; - char to[14]; + char to[IFNAMSIZ]; int to_idx; ax25_address calls[MAXCALLS];/* list of calls to echo */ int ncalls; /* number of calls to echo */ -- cgit v1.2.3
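Review bot: the resized `char from[IFNAMSIZ];` and `char to[IFNAMSIZ];` in struct config only fix the overflow if the code that fills them is bounded by the destination size, and that code is outside this hunk. The diffstat shows only these two lines changing, so please confirm that every copy into `from` and `to` uses the size of the field (not a literal 14 and not an unbounded string copy) and leaves the name NUL-terminated when it is exactly IFNAMSIZ - 1 characters long. No include is added either, so IFNAMSIZ must already be in scope in rxecho.c (it comes from <net/if.h>); worth a quick build check. The removed comment explained the old size; a short replacement comment on `from` noting that the size matches the kernel's interface name limit would keep the struct self-documenting.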