[hurd,commited] hurd: Fix buffer overrun in __if_nametoindex

[hurd,commited] hurd: Fix buffer overrun in __if_nametoindex

[Samuel Thibault]

and building with mainline GCC which reports it.

	* sysdeps/mach/hurd/if_index.c (__if_nametoindex): Always end
	ifr.fr_name with a NUL caracter.
---
 ChangeLog                    | 5 +++++
 sysdeps/mach/hurd/if_index.c | 4 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 36b022cb35..28fa4a5e69 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2018-04-03  Samuel Thibault  <samuel.thibault@ens-lyon.org>
+
+	* sysdeps/mach/hurd/if_index.c (__if_nametoindex): Always end
+	ifr.fr_name with a NUL caracter.
+
 2018-04-03  Wilco Dijkstra  <wdijkstr@arm.com>
 
 	* sysdeps/ieee754/dbl-64/s_sin.c (__sin): Cleanup ifdefs.
diff --git a/sysdeps/mach/hurd/if_index.c b/sysdeps/mach/hurd/if_index.c
index d637353d74..7f647b7036 100644
--- a/sysdeps/mach/hurd/if_index.c
+++ b/sysdeps/mach/hurd/if_index.c
@@ -37,7 +37,9 @@ __if_nametoindex (const char *ifname)
   if (fd < 0)
     return 0;
 
-  strncpy (ifr.ifr_name, ifname, IFNAMSIZ);
+  strncpy (ifr.ifr_name, ifname, IFNAMSIZ - 1);
+  ifr.ifr_name[IFNAMESIZ - 1] = '\0';
+
   if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
     {
       int saved_errno = errno;
-- 
2.16.2

Re: [hurd,commited] hurd: Fix buffer overrun in __if_nametoindex

[Joseph Myers]

On Tue, 3 Apr 2018, Samuel Thibault wrote:

> and building with mainline GCC which reports it.
> 
> 	* sysdeps/mach/hurd/if_index.c (__if_nametoindex): Always end
> 	ifr.fr_name with a NUL caracter.

Are you sure this truncation is correct?  The conclusion we reached for 
the Linux version was to check for a too-big length and return an ENODEV 
error in that case, instead.

-- 
Joseph S. Myers
joseph@codesourcery.com