svn commit: r359505 - head/usr.sbin/jail

Andrew Turner andrew at FreeBSD.org
Wed Apr 1 09:51:37 UTC 2020


Author: andrew
Date: Wed Apr  1 09:51:29 2020
New Revision: 359505
URL: https://svnweb.freebsd.org/changeset/base/359505

Log:
  Use memmove to copy within a buffer
  
  jail(8) would try to use strcpy to remove the interface from the start of
  an IP address. This is undefined, and on arm64 will result in unexpected
  IPv6 addresses.
  
  Fix this by using memmove to move the string.
  
  PR:		245102
  Reported by:	sbruno
  MFC after:	2 weeks
  Sponsored by:	Innovate UK

Modified:
  head/usr.sbin/jail/config.c

Modified: head/usr.sbin/jail/config.c
==============================================================================
--- head/usr.sbin/jail/config.c	Wed Apr  1 09:01:35 2020	(r359504)
+++ head/usr.sbin/jail/config.c	Wed Apr  1 09:51:29 2020	(r359505)
@@ -596,8 +596,8 @@ check_intparams(struct cfjail *j)
 			if (cs || defif)
 				add_param(j, NULL, IP__IP4_IFADDR, s->s);
 			if (cs) {
-				strcpy(s->s, cs + 1);
 				s->len -= cs + 1 - s->s;
+				memmove(s->s, cs + 1, s->len + 1);
 			}
 			if ((cs = strchr(s->s, '/')) != NULL) {
 				*cs = '\0';
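
Review bot: the count passed to memmove in the if (cs) block is only right because s->len was reduced on the line just above it, so s->len + 1 covers the remaining characters plus the terminating NUL. That ordering dependency is easy to break in a later edit and has no comment. Either add a one-line comment saying that len must be updated before the move, or derive the count from the source itself, for example strlen(cs + 1) + 1, so the copy size does not depend on s->len staying in sync with the buffer contents.
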
@@ -617,8 +617,8 @@ check_intparams(struct cfjail *j)
 			if (cs || defif)
 				add_param(j, NULL, IP__IP6_IFADDR, s->s);
 			if (cs) {
-				strcpy(s->s, cs + 1);
 				s->len -= cs + 1 - s->s;
+				memmove(s->s, cs + 1, s->len + 1);
 			}
 			if ((cs = strchr(s->s, '/')) != NULL) {
 				*cs = '\0';
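
Review bot: the IP6 branch now carries an exact copy of the strip-the-interface sequence from the IP4 branch (the s->len adjustment followed by memmove(s->s, cs + 1, s->len + 1)). The same bug had to be fixed twice here, so consider moving the sequence into a small static helper that takes s and cs and is called from both branches, which keeps a future change from landing in one branch and missing the other.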

