ifenslave: fix CWE-170: Improper Null Termination

Related: #1938746

iputils-ifenslave-CWE-170.patch

@@ -0,0 +1,88 @@
+From a38091c8eb0c515441080806975856ee09d2edc7 Mon Sep 17 00:00:00 2001
+From: Jan Macku <jamacku@redhat.com>
+Date: Tue, 23 Mar 2021 08:10:10 +0100
+Subject: [PATCH] ifenslave: fix CWE-170: Improper Null Termination
+
+---
+ ifenslave.c | 24 ++++++++++++++++--------
+ 1 file changed, 16 insertions(+), 8 deletions(-)
+
+diff --git a/ifenslave.c b/ifenslave.c
+index ddd82ec..1efe4f1 100644
+--- a/ifenslave.c
++++ b/ifenslave.c
+@@ -509,21 +509,24 @@ static int if_getconfig(char *ifname)
+ 	struct sockaddr dstaddr, broadaddr, netmask;
+ 	unsigned char *hwaddr;
+ 
+-	strcpy(ifr.ifr_name, ifname);
++	memset(&ifr, 0, sizeof(ifr));
++  	strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
+ 	if (ioctl(skfd, SIOCGIFFLAGS, &ifr) < 0)
+ 		return -1;
+ 	mif_flags = ifr.ifr_flags;
+ 	printf("The result of SIOCGIFFLAGS on %s is %x.\n",
+ 	       ifname, ifr.ifr_flags);
+ 
+-	strcpy(ifr.ifr_name, ifname);
++	memset(&ifr, 0, sizeof(ifr));
++  	strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
+ 	if (ioctl(skfd, SIOCGIFADDR, &ifr) < 0)
+ 		return -1;
+ 	printf("The result of SIOCGIFADDR is %2.2x.%2.2x.%2.2x.%2.2x.\n",
+ 	       ifr.ifr_addr.sa_data[2], ifr.ifr_addr.sa_data[3],
+ 	       ifr.ifr_addr.sa_data[4], ifr.ifr_addr.sa_data[5]);
+ 
+-	strcpy(ifr.ifr_name, ifname);
++	memset(&ifr, 0, sizeof(ifr));
++  	strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
+ 	if (ioctl(skfd, SIOCGIFHWADDR, &ifr) < 0)
+ 		return -1;
+ 
+@@ -534,33 +537,38 @@ static int if_getconfig(char *ifname)
+ 	       ifr.ifr_hwaddr.sa_family, hwaddr[0], hwaddr[1],
+ 	       hwaddr[2], hwaddr[3], hwaddr[4], hwaddr[5]);
+ 
+-	strcpy(ifr.ifr_name, ifname);
++	memset(&ifr, 0, sizeof(ifr));
++  	strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
+ 	if (ioctl(skfd, SIOCGIFMETRIC, &ifr) < 0) {
+ 		metric = 0;
+ 	} else
+ 		metric = ifr.ifr_metric;
+ 	printf("The result of SIOCGIFMETRIC is %d\n", metric);
+ 
+-	strcpy(ifr.ifr_name, ifname);
++	memset(&ifr, 0, sizeof(ifr));
++  	strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
+ 	if (ioctl(skfd, SIOCGIFMTU, &ifr) < 0)
+ 		mtu = 0;
+ 	else
+ 		mtu = ifr.ifr_mtu;
+ 	printf("The result of SIOCGIFMTU is %d\n", mtu);
+ 
+-	strcpy(ifr.ifr_name, ifname);
++	memset(&ifr, 0, sizeof(ifr));
++  	strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
+ 	if (ioctl(skfd, SIOCGIFDSTADDR, &ifr) < 0) {
+ 		memset(&dstaddr, 0, sizeof(struct sockaddr));
+ 	} else
+ 		dstaddr = ifr.ifr_dstaddr;
+ 
+-	strcpy(ifr.ifr_name, ifname);
++	memset(&ifr, 0, sizeof(ifr));
++  	strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
+ 	if (ioctl(skfd, SIOCGIFBRDADDR, &ifr) < 0) {
+ 		memset(&broadaddr, 0, sizeof(struct sockaddr));
+ 	} else
+ 		broadaddr = ifr.ifr_broadaddr;
+ 
+-	strcpy(ifr.ifr_name, ifname);
++	memset(&ifr, 0, sizeof(ifr));
++  	strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
+ 	if (ioctl(skfd, SIOCGIFNETMASK, &ifr) < 0) {
+ 		memset(&netmask, 0, sizeof(struct sockaddr));
+ 	} else
+-- 
+2.29.2
+

iputils.spec

@@ -3,7 +3,7 @@
 Summary: Network monitoring tools including ping
 Name: iputils
 Version: 20210202
-Release: 2%{?dist}
+Release: 3%{?dist}
 # some parts are under the original BSD (ping.c)
 # some are under GPLv2+ (tracepath.c)
 License: BSD and GPLv2+
@@ -18,6 +18,7 @@ Source4: bsd.txt
 Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
 
 Patch100: iputils-ifenslave.patch
+Patch101: iputils-ifenslave-CWE-170.patch
 
 BuildRequires: gcc
 BuildRequires: meson
@@ -54,6 +55,7 @@ Queries.
 cp %{SOURCE4} %{SOURCE5} .
 
 %patch100 -p1
+%patch101 -p1
 
 %build
 %ifarch s390 s390x
@@ -130,6 +132,9 @@ install -cp ifenslave.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
 %attr(644,root,root) %{_mandir}/man8/ninfod.8.gz
 
 %changelog
+* Tue Mar 23 2021 Jan Macku <jamacku@redhat.com> - 20210202-3
+- ifenslave: fix CWE-170 (related to rhbz#1938746)
+
 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 20210202-2
 - Rebuilt for updated systemd-rpm-macros
   See https://pagure.io/fesco/issue/2583.