From 4af08a19f85c577d9b1f2df892c82e34e473f31d Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 30 Jun 2004 11:48:19 +0000
Subject: passing in a very long interface name could make a buffer overflow

---
 lib/if2ip.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'lib/if2ip.c')

diff --git a/lib/if2ip.c b/lib/if2ip.c
index 237d1f758..b167b8df6 100644
--- a/lib/if2ip.c
+++ b/lib/if2ip.c
@@ -94,8 +94,11 @@ char *Curl_if2ip(const char *interface, char *buf, int buf_size)
   }
   else {
     struct ifreq req;
+    size_t len = strlen(interface);
     memset(&req, 0, sizeof(req));
-    strcpy(req.ifr_name, interface);
+    if(len >= sizeof(req.ifr_name))
+      return NULL; /* this can't be a fine interface name */
+    memcpy(req.ifr_name, interface, len+1);
     req.ifr_addr.sa_family = AF_INET;
 #ifdef	IOCTL_3_ARGS
     if (SYS_ERROR == ioctl(dummy, SIOCGIFADDR, &req)) {
-- 
cgit v1.2.3