passing in a very long interface name could make a buffer overflow

1 files changed, 4 insertions, 1 deletions

diff --git a/lib/if2ip.c b/lib/if2ip.c
index 237d1f758..b167b8df6 100644
--- a/lib/if2ip.c
+++ b/lib/if2ip.c
@@ -94,8 +94,11 @@ char *Curl_if2ip(const char *interface, char *buf, int buf_size)
   }
   else {
     struct ifreq req;
+    size_t len = strlen(interface);
     memset(&req, 0, sizeof(req));
-    strcpy(req.ifr_name, interface);
+    if(len >= sizeof(req.ifr_name))
+      return NULL; /* this can't be a fine interface name */
+    memcpy(req.ifr_name, interface, len+1);
     req.ifr_addr.sa_family = AF_INET;
 #ifdef	IOCTL_3_ARGS
     if (SYS_ERROR == ioctl(dummy, SIOCGIFADDR, &req)) {