File lldpad-0.9.32-fix-buffer-overflow of Package lldpad

Overview Repositories Revisions Requests Users Attributes Meta

File lldpad-0.9.32-fix-buffer-overflow of Package lldpad

lldpad: fix buffer overflow in med inventory string.

From: Eric Multanen <eric.w.multanen@intel.com>

MED inventory allows 32 max chars, excluding '\0', increase the buffer to be
33 to make sure we have the output string null terminated when retrieving from
the sysfs.
---

lldp_med.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

--
Signed-off-by: Eric Multanen <eric.w.multanen@intel.com>

diff --git a/lldp_med.c b/lldp_med.c
index fd2dc8e..5405c8f 100644
--- a/lldp_med.c
+++ b/lldp_med.c
@@ -248,7 +248,7 @@ int med_read_inventory(u8 subtype, char *buf, size_t size)
 		break;
 	case LLDP_MED_INV_SWREV:
 		if (!uname(&uts)) {
-			strncpy(buf, uts.release, size);
+			strncpy(buf, uts.release, size - 1);
 			goto out_err;
 		}
 		fprintf(stderr, "###:%s: uname() failed for %d, try"
@@ -298,7 +298,7 @@ out_err:
 static struct unpacked_tlv *med_bld_invtlv(struct med_data *md, u8 subtype)
 {
 	int length;
-	u8 desc[32];
+	u8 desc[33];
 	struct unpacked_tlv *tlv = NULL;
 
 	if (!is_tlv_txenabled(md->ifname, TLVID_MED(subtype))) {

Places

File lldpad-0.9.32-fix-buffer-overflow of Package lldpad

Places