libpcap icon indicating copy to clipboard operation
libpcap copied to clipboard

Published 20 hours ago verified publisher icon the-tcpdump-group

strncpys in libpcap should be strlcp

Open guyharris opened this issue 12 years ago • 6 comments

Converted from SourceForge issue 599847, submitted by donhatch

All strncpys in libpcap should be changed to strlcpy. Also, there is this strange thing in pcap-snit.c: strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = ' '; I don't understand why the space character is used here; it seems to me that it should be '\0' (which will of course be unecessary when this strncpy is changed to strlcpy).

guyharris avatar Apr 15 '13 23:04 guyharris

Commit bf2270d addressed NULL termination part of this report in 2002.

infrastation avatar Oct 15 '13 13:10 infrastation

strlcpy(), which boils to strncpy() with NULL termination enforced, isn't portable. For example, my Linux host doesn't include it. There is an article explaining that just having strlcpy() in the code doesn't result in guaranteed security: http://lwn.net/Articles/507319/

A sufficient scope of this request would be to check that all strncpy() instances handle NULL termination.

infrastation avatar Oct 28 '13 17:10 infrastation

There were already some strlcpy()s in pcap-linux.c; I converted the remainder of them to fix some Coverity issues. We have a fallback version of snprintf(); we should perhaps have a fallback version of strlcpy() as well, just as tcpdump does.

The strncpy()s and strcpy()s I converted are for ioctls on the interface; we should probably check, in the create routine on Linux, whether the name passed in is too big for those ioctls and, if so, return "no such device" (because the Linux kernel presumably won't create network interfaces whose names won't fit in those ioctls - if it does, that's a kernel bug).

guyharris avatar Apr 04 '14 19:04 guyharris

we should probably check, in the create routine on Linux, whether the name passed in is too big for those ioctls and, if so, return "no such device"

Or in the activate routine; I've added that check in 1099050.

guyharris avatar Apr 04 '14 19:04 guyharris

pcap-int.h has

#ifndef HAVE_STRLCPY
#define strlcpy(x, y, z) \
        (strncpy((x), (y), (z)), \
         ((z) <= 0 ? 0 : ((x)[(z) - 1] = '\0')), \
         strlen((y)))
#endif

and the libpcap configure script checks for strlcpy(), so if it's missing, we have a macro that does the right thing using strncpy().

guyharris avatar Apr 04 '14 19:04 guyharris

we should probably check, in the create routine on Linux, whether the name passed in is too big for those ioctls and, if so, return "no such device"

Or in the activate routine; I've added that check in 1099050.

Done in pcap-bpf.c as well, with various commits.

I'll look at cleaning up the (ancient) remaining code that's using strncpy().

guyharris avatar May 17 '20 23:05 guyharris