Bug#805519: [PATCH (dockapps)] wmifs: Fix buffer overflow if interface has name > 8 characters.

Doug Torrance dtorrance at piedmont.edu
Tue Apr 19 15:57:27 UTC 2016


Patch by anomie at users.sourceforge.net to fix Debian bug #805519. [1]

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805519
---
 wmifs/wmifs.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/wmifs/wmifs.c b/wmifs/wmifs.c
index 49eb3d9..28e8f18 100644
--- a/wmifs/wmifs.c
+++ b/wmifs/wmifs.c
@@ -247,6 +247,7 @@
 
 /* the size of the buffer read from /proc/net/ */
 #define BUFFER_SIZE 512
+
   /**********************/
  /* External Variables */
 /**********************/
@@ -317,7 +318,7 @@ int main(int argc, char *argv[])
 			switch (arg[1]) {
 			case 'c' :
 				if (argc > i+1) {
-					strcpy(color, argv[i+1]);
+					strncpy(color, argv[i+1], sizeof(color));
 					i++;
 				}
 				break;
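Review bot: `strncpy(color, argv[i+1], sizeof(color));` stops the overflow but leaves `color` without a terminating NUL when the argument is `sizeof(color)` bytes or longer, so later string reads of `color` can run past the buffer. I would use `snprintf(color, sizeof(color), "%s", argv[i+1]);`, or keep the copy and add `color[sizeof(color) - 1] = '\0';` after it. The three `strncpy(..., IFNAMSIZ)` calls added in checknetdevs() have the same gap for a name of IFNAMSIZ bytes or more and need the same treatment. `sizeof(color)` is the buffer size only if `color` is declared as an array, which is outside this hunk, as is the rest of the option switch in main().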
@@ -392,7 +393,7 @@ Pixel scale_pixel(Pixel pixel, float scale)
 
 typedef struct {
 
-	char	name[8];
+	char	name[IFNAMSIZ];
 	int	his[55][2];
 	long	istatlast;
 	long	ostatlast;
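Review bot: `char name[IFNAMSIZ];` here and `foundbuffer[MAX_STAT_DEVICES][IFNAMSIZ]` in checknetdevs() depend on a macro that this patch never brings in: the diffstat's eight insertions are all accounted for by the hunks and none is an `#include`. It presumably arrives through a header wmifs.c already includes, but that is not visible here; adding `#include <net/if.h>` next to the existing includes would make the dependency explicit. A short comment on the field, e.g. `/* interface name, NUL-terminated, at most IFNAMSIZ-1 characters */`, would also record the invariant the copies into it must keep. The typedef continues past the end of the hunk.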
@@ -478,7 +479,7 @@ void wmifs_routine(int argc, char **argv)
 		fprintf(stderr, "Unknown $HOME directory, please check your environment\n");
 		return;
 	}
-	strcpy(temp, p);
+	strncpy(temp, p, BUFFER_SIZE - 10);
 	strcat(temp, "/.wmifsrc");
 	parse_rcfile(temp, wmifs_keys);
 
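Review bot: When `$HOME` is `BUFFER_SIZE - 10` bytes or longer, `strncpy(temp, p, BUFFER_SIZE - 10);` writes no terminator, and the `strcat(temp, "/.wmifsrc");` on the next line then searches beyond the copied bytes for one unless `temp` happens to be zero-filled (its declaration is outside the hunk). The bound also hard-codes the suffix length as the literal 10. Building the path in a single bounded call covers both, replacing the two lines with `if (snprintf(temp, sizeof(temp), "%s/.wmifsrc", p) >= (int)sizeof(temp)) return;`, assuming `temp` is an array of BUFFER_SIZE bytes as the bound implies. wmifs_routine() starts and ends outside this hunk.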
@@ -852,7 +853,7 @@ int checknetdevs(void)
 	int		i = 0, j;
 	int		k;
 	int		devsfound = 0;
-	char	foundbuffer[MAX_STAT_DEVICES][8];
+	char	foundbuffer[MAX_STAT_DEVICES][IFNAMSIZ];
 
 	for (i = 0; i < MAX_STAT_DEVICES; i++)
 		foundbuffer[i][0] = 0;
@@ -890,7 +891,7 @@ int checknetdevs(void)
 			   skip it! */
 
 			if (strcmp(p, "lo") || (active_interface && !strcmp(active_interface, "lo"))) {
-				strcpy(foundbuffer[devsfound], p);
+				strncpy(foundbuffer[devsfound], p, IFNAMSIZ);
 				devsfound++;
 			}
 			if (devsfound >= MAX_STAT_DEVICES)
@@ -930,7 +931,7 @@ int checknetdevs(void)
 	for (j = 0; j < MAX_STAT_DEVICES; j++) {
 		if (foundbuffer[j][0]) {
 
-			strcpy(stat_devices[i].name, foundbuffer[j]);
+			strncpy(stat_devices[i].name, foundbuffer[j], IFNAMSIZ);
 
 			for (k = 0; k < 48; k++) {
 				stat_devices[i].his[k][0] = 0;
@@ -948,7 +949,7 @@ int checknetdevs(void)
 				break;
 			}
 		if (!k) {
-			strcpy(stat_devices[i].name, active_interface);
+			strncpy(stat_devices[i].name, active_interface, IFNAMSIZ);
 			for (k = 0; k < 48; k++) {
 				stat_devices[i].his[k][0] = 0;
 				stat_devices[i].his[k][1] = 0;
-- 
2.5.0


