[Snort-devel] Possible Issues with strncpy() calls in DAQ-2.0.x and Snort-2.9.5.x

sockstat sockstat at ...445...
Sat Aug 17 05:39:00 EDT 2013


Would there be any objection to replacing all strncpy instances with strlcpy? Then we won't encounter non-null-terminated buffers for sure.

-------- Original message --------
From: Michael Altizer <xiche at ...1778...>
Date: 08/16/2013  3:54 PM  (GMT-08:00)
To: snort-devel at lists.sourceforge.net
Subject: Re: [Snort-devel] Possible Issues with strncpy() calls in DAQ-2.0.x and Snort-2.9.5.x

On 08/13/2013 12:55 PM, Bill Parker wrote:
> Hello All,
>
> In DAQ-2.0.1, directory 'os-daq-modules', file 'daq_afpacket.c',
> I found two instances for calls to strncpy() which are not NULL
> terminated (compared to a call to strcpy() which NULL terminates
> the resulting string).
>
> The patch file below adds the NULL byte:
>
> --- daq_afpacket.c.orig 2013-08-12 19:07:36.190972370 -0700
> +++ daq_afpacket.c      2013-08-12 19:10:11.983969620 -0700
> @@ -110,6 +110,7 @@
>      memset(&ifr, 0, sizeof(ifr));
>      strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
> +    ifr.ifr_name[sizeof(ifr.ifr_name)-1] = '\0';
>      if (ioctl(instance->fd, SIOCGIFINDEX, &ifr) == -1)
>          return -1;
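
Review bot: With the added `ifr.ifr_name[sizeof(ifr.ifr_name)-1] = '\0';`, a `device` string that does not fit is silently cut short, and the SIOCGIFINDEX ioctl on the next line then runs against the shortened name instead of failing. If the goal is to be robust against over-long input at this call site, compare the length of `device` against `sizeof(ifr.ifr_name)` before the copy and take the existing `return -1` path when it does not fit, rather than truncating.
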
> @@ -151,6 +152,7 @@
>      memset(&ifr, 0, sizeof(ifr));
>      strncpy(ifr.ifr_name, instance->name, sizeof(ifr.ifr_name));
> +    ifr.ifr_name[sizeof(ifr.ifr_name)-1] = '\0';
>      if (ioctl(instance->fd, SIOCGIFHWADDR, &ifr) == -1)
>      {
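
Review bot: The terminator line added after the second strncpy() is only needed because the call is bounded by the full `sizeof(ifr.ifr_name)`. The `memset(&ifr, 0, sizeof(ifr))` just above has already zeroed the buffer, so bounding the copy by `sizeof(ifr.ifr_name) - 1` would leave the last byte as NUL without an extra statement. This is also the second copy of the same memset/strncpy/terminate sequence in the patch; a small helper that fills `ifr.ifr_name` from a name would keep the two call sites from drifting apart.
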
> A 'make' and 'make install' result in successful compilation :)

Thanks, Bill, but the name that it is copying from will always be a
NULL-terminated string of at most IFNAMSIZ bytes (including the NULL),
so it shouldn't really be an issue.  See afpacket_daq_initialize() for
the sanity checking on the device names.
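
The three behaviours discussed in this thread, side by side, as an added example that is not code from DAQ or from anyone in the thread: the unpatched strncpy() call, the patched call, and a validate-then-copy helper. `EX_IFNAMSIZ`, the function names and the sample interface names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for IFNAMSIZ (16 on Linux) so the example builds anywhere. */
#define EX_IFNAMSIZ 16

/* Unpatched pattern: zero the buffer, strncpy with the full buffer size.
 * Returns 1 if dst ends up NUL-terminated, 0 if it does not. */
static int copy_unpatched(char *dst, const char *src)
{
    memset(dst, 0, EX_IFNAMSIZ);
    strncpy(dst, src, EX_IFNAMSIZ);
    return memchr(dst, '\0', EX_IFNAMSIZ) != NULL;
}

/* Patched pattern: always terminated, but an over-long name is cut short.
 * Returns 1 if dst still equals src, 0 if the name was truncated. */
static int copy_patched(char *dst, const char *src)
{
    memset(dst, 0, EX_IFNAMSIZ);
    strncpy(dst, src, EX_IFNAMSIZ);
    dst[EX_IFNAMSIZ - 1] = '\0';
    return strcmp(dst, src) == 0;
}

/* Hypothetical validate-then-copy helper: reject empty names and names
 * that do not fit with their NUL. Returns 0 on success, -1 on rejection. */
static int copy_checked(char *dst, const char *src)
{
    size_t len = strlen(src);
    if (len == 0 || len >= EX_IFNAMSIZ)
        return -1;
    memset(dst, 0, EX_IFNAMSIZ);
    memcpy(dst, src, len);
    return 0;
}

int main(void)
{
    char buf[EX_IFNAMSIZ];
    /* Constructed sample names; the second is exactly 16 characters. */
    const char *names[] = { "eth0", "0123456789abcdef" };
    for (size_t i = 0; i < 2; i++)
        printf("%-16s terminated=%d intact=%d checked=%d\n", names[i],
               copy_unpatched(buf, names[i]), copy_patched(buf, names[i]),
               copy_checked(buf, names[i]));
    return 0;
}
```

When the length check runs before the copy, the unterminated case can never be reached, which is the situation the reply above describes for names that have already been sanity-checked.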