From 15b6885fe0ac67a23bbf80f90b1854c3bd7db984 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Mon, 10 Sep 2012 01:25:50 +0200 Subject: Make sure that *really* no more than sizeof(ifr.ifr_name) chars are strcpy-ed to ifr.ifr_name and that the string is *always* NUL terminated. New code shouldn't use strcpy(), too. CID 719692 --- Modules/socketmodule.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c index 7176674..d8c81fe 100644 --- a/Modules/socketmodule.c +++ b/Modules/socketmodule.c @@ -1674,7 +1674,8 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args, if (len == 0) { ifr.ifr_ifindex = 0; } else if (len < sizeof(ifr.ifr_name)) { - strcpy(ifr.ifr_name, PyBytes_AS_STRING(interfaceName)); + strncpy(ifr.ifr_name, PyBytes_AS_STRING(interfaceName), sizeof(ifr.ifr_name)); + ifr.ifr_name[(sizeof(ifr.ifr_name))-1] = '\0'; if (ioctl(s->sock_fd, SIOCGIFINDEX, &ifr) < 0) { s->errorhandler(); Py_DECREF(interfaceName); -- cgit v0.12