From 13f4ac4cb74b5a833fa7f825ba785b1e5774e84f Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Fri, 4 Aug 2023 16:04:36 +0200
Subject: [PATCH] ipc: linux: enforce IFNAMSIZ limit

libmnl doesn't check lengths, so do our own checking before copying the interface name to the netlink buffer.

Signed-off-by: Jason A. Donenfeld
---
 src/ipc-linux.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/ipc-linux.h b/src/ipc-linux.h
index 5883ffe..d29c0c5 100644
--- a/src/ipc-linux.h
+++ b/src/ipc-linux.h
@@ -479,6 +479,12 @@ static int kernel_get_device(struct wgdevice **device, const char *iface)
 struct nlmsghdr *nlh;
 struct mnlg_socket *nlg;
 
+ /* libmnl doesn't check the buffer size, so enforce that before using. */
+ if (strlen(iface) >= IFNAMSIZ) {
+ errno = ENAMETOOLONG;
+ return -ENAMETOOLONG;
+ }
+
 try_again:
 ret = 0;
 *device = calloc(1, sizeof(**device));
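Review bot: The new early return in kernel_get_device leaves the out-parameter `*device` untouched, because it runs before the `*device = calloc(1, sizeof(**device));` line that follows `try_again:`. A caller that frees or inspects `*device` after a failure would then act on whatever value it passed in. Adding `*device = NULL;` ahead of `errno = ENAMETOOLONG;` would make the length-rejection path safe however the caller initialised the pointer. The rest of the function, including its other error paths, lies outside this hunk, so whether those paths already reset `*device` cannot be confirmed from here. The `>=` comparison itself is right for a NUL-terminated name in an IFNAMSIZ-byte field, and placing the check above the label means it is not repeated if the code jumps back to `try_again`.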