! Please note that this is a snapshot of our old Bugzilla server, which is read only since May 29, 2020. Please go to gitlab.xfce.org for our new server !
Array out of bounds write in xfce4-netload-plugin
Status:
RESOLVED: FIXED
Priority:
Medium
Severity:
normal
Product:
Xfce4-netload-plugin
Component:
General

Comments

Description Guido Berhoerster 2014-11-23 20:29:13 CET 
Created attachment 5769 
Fix array out of bounds write

xfce4-netload-plugin does an array out of bounds write when trying to ensure nul-termination panel-plugin/net.c:

    strncpy( data->ifdata.if_name, device, INTERFACE_NAME_LENGTH);
    data->ifdata.if_name[INTERFACE_NAME_LENGTH] = '\0';

where the size of ifdata.if_name is INTERFACE_NAME_LENGTH. See attached patch for a fix.
Comment 1 Landry Breuil editbugs 2014-11-23 21:44:15 CET 
Mass-reassign all bugs from florian@ to goodies-dev@, thanks for the maintenance work! (and sorry for the bugmail spam..)
Comment 2 Mike Massonnet editbugs 2014-11-23 22:21:01 CET 
mmh, the name of the iface you type in the settings cannot exceed 32 chars, and if_name has 33 chars.

I will look into this.
Comment 3 Mike Massonnet editbugs 2014-11-23 22:23:28 CET 
ok good catch
Comment 4 Steve Dodier-Lazaro editbugs 2015-02-15 06:35:42 CET 
Mike,

If you agree the patch should be pushed, could you please do it and then close this bug report? The vulnerable strncpy is still present in Git right now.

Thanks!

Bug #11328

Reported by:
Guido Berhoerster
Reported on: 2014-11-23
Last modified on: 2017-06-09

People

Assignee:
Skunnyk
CC List:
3 users

Version

Version:
git
Target Milestone:
---

Attachments

Fix array out of bounds write (689 bytes, patch)
2014-11-23 20:29 CET , Guido Berhoerster 		no flags

Additional information