[PATCH] inet: null terminate ifr_name buffer

Michael Santos michael.santos@REDACTED
Wed Jul 21 17:15:21 CEST 2010


The buffer holding the interface name should be null terminated.
See man 7 socket on Linux or the definiton of IFNAMSIZ in net/if.h
on FreeBSD:

Length of interface external name, including terminating '\0'.
---
 erts/emulator/drivers/common/inet_drv.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/erts/emulator/drivers/common/inet_drv.c b/erts/emulator/drivers/common/inet_drv.c
index e5024d3..72deedf 100644
--- a/erts/emulator/drivers/common/inet_drv.c
+++ b/erts/emulator/drivers/common/inet_drv.c
@@ -4103,7 +4103,7 @@ static int inet_ctl_ifget(inet_descriptor* desc, char* buf, int len,
 	goto error;
     sys_memset(ifreq.ifr_name, '\0', IFNAMSIZ);
     sys_memcpy(ifreq.ifr_name, buf+1, 
-	       (namlen > IFNAMSIZ) ? IFNAMSIZ : namlen);
+	       (namlen >= IFNAMSIZ) ? IFNAMSIZ-1 : namlen);
     buf += (namlen+1);
     len -= (namlen+1);
     sptr = sbuf;
@@ -4256,7 +4256,7 @@ static int inet_ctl_ifset(inet_descriptor* desc, char* buf, int len,
 	goto error;
     sys_memset(ifreq.ifr_name, '\0', IFNAMSIZ);
     sys_memcpy(ifreq.ifr_name, buf+1, 
-	       (namlen > IFNAMSIZ) ? IFNAMSIZ : namlen);
+	       (namlen >= IFNAMSIZ) ? IFNAMSIZ-1 : namlen);
     buf += (namlen+1);
     len -= (namlen+1);
 
-- 
1.5.6.4



More information about the erlang-patches mailing list