Make sure the device name we're handed will fit into an ioctl.

If not, the device presumably doesn't exist, as the Linux kernel
shouldn't support creating such a device; make sure we don't just use a
truncated version of the name in ioctls.

1 files changed, 17 insertions, 0 deletions

diff --git a/pcap-linux.c b/pcap-linux.c
index 8ab8d5ab..21943453 100644
--- a/pcap-linux.c
+++ b/pcap-linux.c
@@ -1229,10 +1229,27 @@ pcap_activate_linux(pcap_t *handle)
 {
 	struct pcap_linux *handlep = handle->priv;
 	const char	*device;
+	struct ifreq	ifr;
 	int		status = 0;
 
 	device = handle->opt.source;
 
+	/*
+	 * Make sure the name we were handed will fit into the ioctls we
+	 * might perform on the device; if not, return a "No such device"
+	 * indication, as the Linux kernel shouldn't support creating
+	 * a device whose name won't fit into those ioctls.
+	 *
+	 * "Will fit" means "will fit, complete with a null terminator",
+	 * so if the length, which does *not* include the null terminator,
+	 * is greater than *or equal to* the size of the field into which
+	 * we'll be copying it, that won't fit.
+	 */
+	if (strlen(device) >= sizeof(ifr.ifr_name)) {
+		status = PCAP_ERROR_NO_SUCH_DEVICE;
+		goto fail;
+	}
+
 	handle->inject_op = pcap_inject_linux;
 	handle->setfilter_op = pcap_setfilter_linux;
 	handle->setdirection_op = pcap_setdirection_linux;