From e8b3e880da69f9ac398bfd90015564ef09e948a3 Mon Sep 17 00:00:00 2001
From: Dimitri Staessens <dimitri.staessens@ugent.be>
Date: Tue, 9 Oct 2018 21:02:14 +0200
Subject: ipcpd: Fix SEGV in eth IPCP

The memcpy of the device name was copying a fixed set of bytes
(IFNAMSIZ), but the string conf->dev is usually shorter.

Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
---
 src/ipcpd/eth/eth.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src/ipcpd/eth/eth.c')

diff --git a/src/ipcpd/eth/eth.c b/src/ipcpd/eth/eth.c
index 1bbfac5b..e7a1580c 100644
--- a/src/ipcpd/eth/eth.c
+++ b/src/ipcpd/eth/eth.c
@@ -1242,8 +1242,13 @@ static int eth_ipcp_bootstrap(const struct ipcp_config * conf)
                 return -1;
         }
 
+        if (strlen(conf->dev) >= IFNAMSIZ) {
+                log_err("Invalid device name: %s.", conf->dev);
+                return -1;
+        }
+
         memset(&ifr, 0, sizeof(ifr));
-        memcpy(ifr.ifr_name, conf->dev, IFNAMSIZ);
+        strcpy(ifr.ifr_name, conf->dev);
 
 #ifdef BUILD_ETH_DIX
         if (conf->ethertype < 0x0600 || conf->ethertype == 0xFFFF) {
-- 
cgit v1.2.3