Date: Wed, 1 Apr 2020 09:51:29 +0000 (UTC) From: Andrew Turner <andrew@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r359505 - head/usr.sbin/jail Message-ID: <202004010951.0319pT5J075538@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: andrew Date: Wed Apr 1 09:51:29 2020 New Revision: 359505 URL: https://svnweb.freebsd.org/changeset/base/359505 Log: Use memmove to copy within a buffer jail(8) would try to use strcpy to remove the interface from the start of an IP address. This is undefined, and on arm64 will result in unexpected IPv6 addresses. Fix this by using memmove top move the string. PR: 245102 Reported by: sbruno MFC after: 2 weeks Sponsored by: Innovate UK Modified: head/usr.sbin/jail/config.c Modified: head/usr.sbin/jail/config.c ============================================================================== --- head/usr.sbin/jail/config.c Wed Apr 1 09:01:35 2020 (r359504) +++ head/usr.sbin/jail/config.c Wed Apr 1 09:51:29 2020 (r359505) @@ -596,8 +596,8 @@ check_intparams(struct cfjail *j) if (cs || defif) add_param(j, NULL, IP__IP4_IFADDR, s->s); if (cs) { - strcpy(s->s, cs + 1); s->len -= cs + 1 - s->s; + memmove(s->s, cs + 1, s->len + 1); } if ((cs = strchr(s->s, '/')) != NULL) { *cs = '\0'; @@ -617,8 +617,8 @@ check_intparams(struct cfjail *j) if (cs || defif) add_param(j, NULL, IP__IP6_IFADDR, s->s); if (cs) { - strcpy(s->s, cs + 1); s->len -= cs + 1 - s->s; + memmove(s->s, cs + 1, s->len + 1); } if ((cs = strchr(s->s, '/')) != NULL) { *cs = '\0';
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202004010951.0319pT5J075538>