Replace strncpy() with strlcpy() when copying the interface name into ifr.ifr_name in link_status(). This ensures proper NUL-termination and addresses a potential issue flagged by Coverity static analysis.
No functional change intended.
Details
Details
Diff Detail
Diff Detail
- Repository
- rG FreeBSD src repository
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
| sbin/ifconfig/af_link.c | ||
|---|---|---|
| 137 | OK. This is a good change since ifr_name is an array of IF_NAMESIZE bytes (currently 16) that's documented to be null terminated: /* * Length of interface external name, including terminating '\0'. * Note: this is the same size as a generic device's external name. */ Though I'm not entirely sure what a 'generic device' might be, since newbus names can be longer than 16 characters... But I guess that part doesn't matter. 'including the terminating '\0'. While one could pass in a mal-formed ifa structure, pointing to a device that's longer than allowed and this would silently truncate it, the worst that could happen is that the kernel can't find the device for the SIOCGHWADDDR call and the error would be signalled there. tl;dr: Looks great! | |
Comment Actions
The commit message says “no functional change intended” but there is one: strncpy() zero-fills the unused portion of the buffer, strlcpy() does not, so this leaves ifr partly uninitialized. It probably doesn't matter in this direction, but I don't see this addressed anywhere in the review.
Comment Actions
The kernel shall alway be robust against userland's input. A proper NUL-terminated string or not, zero-filled the unused portion of the buffer or not, shall not make any differences.
So I think No functional change intended is proper in this case.