[PATCH 02/23] e100, e1000, ixgb: Fix an impossible memory overwrite bug

[PATCH 00/23] e100, e1000, ixgb updates · Kok, Auke <hidden> · 2006-09-19
[PATCH 01/23] e100, e1000, ixgb: update copyright header and remove LICENSE · Kok, Auke <hidden> · 2006-09-19
[PATCH 02/23] e100, e1000, ixgb: Fix an impossible memory overwrite bug · Kok, Auke <hidden> · 2006-09-19
[PATCH 03/23] e100: Add debugging code for cb cleaning and csum failures. · Kok, Auke <hidden> · 2006-09-19
Re: [PATCH 03/23] e100: Add debugging code for cb cleaning and csum failures. · Jeff Garzik <hidden> · 2006-09-19
Re: [PATCH 03/23] e100: Add debugging code for cb cleaning and csum failures. · Auke Kok <hidden> · 2006-09-19
Re: [PATCH 03/23] e100: Add debugging code for cb cleaning and csum failures. · Dave Jones <hidden> · 2006-09-19
Re: [PATCH 03/23] e100: Add debugging code for cb cleaning and csum failures. · Jeff Garzik <hidden> · 2006-09-19
Re: [PATCH 03/23] e100: Add debugging code for cb cleaning and csum failures. · Dave Jones <hidden> · 2006-09-19
Re: [PATCH 03/23] e100: Add debugging code for cb cleaning and csum failures. · Auke Kok <hidden> · 2006-09-19
[PATCH 04/23] e100: rework WoL and shutdown handling · Kok, Auke <hidden> · 2006-09-19
Re: [PATCH 04/23] e100: rework WoL and shutdown handling · Jeff Garzik <hidden> · 2006-09-19
Re: [PATCH 04/23] e100: rework WoL and shutdown handling · Auke Kok <hidden> · 2006-09-19
Re: [PATCH 04/23] e100: rework WoL and shutdown handling · Jeff Garzik <hidden> · 2006-09-19
Re: [PATCH 04/23] e100: rework WoL and shutdown handling · Auke Kok <hidden> · 2006-09-19
[PATCH 05/23] e1000: rename flow control symbols · Kok, Auke <hidden> · 2006-09-19
Re: [PATCH 05/23] e1000: rename flow control symbols · Jeff Garzik <hidden> · 2006-09-19
Re: [PATCH 05/23] e1000: rename flow control symbols · Auke Kok <hidden> · 2006-09-19
[PATCH 06/23] e1000: add enums for several link properties · Kok, Auke <hidden> · 2006-09-19
[PATCH 07/23] e1000: remove unused code and make symbols static · Kok, Auke <hidden> · 2006-09-19
Re: [PATCH 07/23] e1000: remove unused code and make symbols static · Jeff Garzik <hidden> · 2006-09-19
[PATCH 08/23] e1000: add multicast stats counters · Kok, Auke <hidden> · 2006-09-19
Re: [PATCH 08/23] e1000: add multicast stats counters · Jeff Garzik <hidden> · 2006-09-19
[PATCH 09/23] e1000: allow ethtool to pass arbitrary speed advertisment · Kok, Auke <hidden> · 2006-09-19
[PATCH 10/23] e1000: Fix MANC detection for PCIE adapters · Kok, Auke <hidden> · 2006-09-19
Re: [PATCH 10/23] e1000: Fix MANC detection for PCIE adapters · Jeff Garzik <hidden> · 2006-09-19
[PATCH 11/23] e1000: Jumbo frames fixes for 82573 · Kok, Auke <hidden> · 2006-09-19
Re: [PATCH 11/23] e1000: Jumbo frames fixes for 82573 · Jeff Garzik <hidden> · 2006-09-19
Re: [PATCH 11/23] e1000: Jumbo frames fixes for 82573 · Auke Kok <hidden> · 2006-09-20
[PATCH 12/23] e1000: Maybe stop TX if not enough free descriptors · Kok, Auke <hidden> · 2006-09-19
Re: [PATCH 12/23] e1000: Maybe stop TX if not enough free descriptors · Jeff Garzik <hidden> · 2006-09-19
Re: [PATCH 12/23] e1000: Maybe stop TX if not enough free descriptors · Jeff Garzik <hidden> · 2006-09-19
Re: [PATCH 12/23] e1000: Maybe stop TX if not enough free descriptors · Stephen Hemminger <hidden> · 2006-09-19
Re: [PATCH 12/23] e1000: Maybe stop TX if not enough free descriptors · Jeff Garzik <hidden> · 2006-09-19
Re: [PATCH 12/23] e1000: Maybe stop TX if not enough free descriptors · Stephen Hemminger <hidden> · 2006-09-19
Re: [PATCH 12/23] e1000: Maybe stop TX if not enough free descriptors · Auke Kok <hidden> · 2006-09-19
Re: [PATCH 12/23] e1000: Maybe stop TX if not enough free descriptors · Stephen Hemminger <hidden> · 2006-09-19
Re: [PATCH 12/23] e1000: Maybe stop TX if not enough free descriptors · Auke Kok <hidden> · 2006-09-20
[PATCH 13/23] e1000: gather hardware bit tweaks. · Kok, Auke <hidden> · 2006-09-19
Re: [PATCH 13/23] e1000: gather hardware bit tweaks. · Jeff Garzik <hidden> · 2006-09-19
Re: [PATCH 13/23] e1000: gather hardware bit tweaks. · Auke Kok <hidden> · 2006-09-27
[PATCH 14/23] e1000: handle manageability for pci-e adapters at PHY powerdown · Kok, Auke <hidden> · 2006-09-19
Re: [PATCH 14/23] e1000: handle manageability for pci-e adapters at PHY powerdown · Jeff Garzik <hidden> · 2006-09-19
[PATCH 15/23] e1000: add PCI-E capability detection code · Kok, Auke <hidden> · 2006-09-19
[PATCH 16/23] e1000: reduce RAR entries available for ICH8 · Kok, Auke <hidden> · 2006-09-19
Re: [PATCH 16/23] e1000: reduce RAR entries available for ICH8 · Jeff Garzik <hidden> · 2006-09-19
[PATCH 17/23] e1000: driver state fixes (race fix) · Kok, Auke <hidden> · 2006-09-19
Re: [PATCH 17/23] e1000: driver state fixes (race fix) · Jeff Garzik <hidden> · 2006-09-19
[PATCH 18/23] e1000: revert 'e1000: Remove 0x1000 as supported device' · Kok, Auke <hidden> · 2006-09-19
Re: [PATCH 18/23] e1000: revert 'e1000: Remove 0x1000 as supported device' · Jeff Garzik <hidden> · 2006-09-19
Re: [PATCH 18/23] e1000: revert 'e1000: Remove 0x1000 as supported device' · Auke Kok <hidden> · 2006-09-19
Re: [PATCH 18/23] e1000: revert 'e1000: Remove 0x1000 as supported device' · Jeff Garzik <hidden> · 2006-09-19
[PATCH 19/23] e1000: rework polarity, NVM, eeprom code and fixes. · Kok, Auke <hidden> · 2006-09-19
[PATCH 20/23] e1000: don't strip vlan ID if 8021q claims it · Kok, Auke <hidden> · 2006-09-19
Re: [PATCH 20/23] e1000: don't strip vlan ID if 8021q claims it · Jeff Garzik <hidden> · 2006-09-19
[PATCH 21/23] ixgb: combine more rx descriptors to improve performance · Kok, Auke <hidden> · 2006-09-19
[PATCH 22/23] ixgb: convert to netdev_priv(netdev) · Kok, Auke <hidden> · 2006-09-19
[PATCH 23/23] e100, e1000, ixgb: increment version numbers · Kok, Auke <hidden> · 2006-09-19
Re: [PATCH 23/23] e100, e1000, ixgb: increment version numbers · Jeff Garzik <hidden> · 2006-09-19
Re: [PATCH 00/23] e100, e1000, ixgb updates · Jeff Garzik <hidden> · 2006-09-19
Re: [PATCH 00/23] e100, e1000, ixgb updates · Auke Kok <hidden> · 2006-09-19

STALE7207d

Revisions (2)

2006-08-29 v1 [diff vs current]
2006-09-19 v1 current

From: Kok, Auke <hidden>
Date: 2006-09-19 17:19:41
Subsystem: networking drivers, the rest · Maintainers: Andrew Lunn, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Linus Torvalds

We keep getting requests from people that think that this might be
an exploitable hole where we would overwrite 4 bytes in the netdev
struct if the pci name would exceed 15 characters. In reality this
will never happen but we fix it anyway.

Signed-off-by: Auke Kok <redacted>
---

 drivers/net/e100.c             |    2 +-
 drivers/net/e1000/e1000_main.c |    2 +-
 drivers/net/ixgb/ixgb_main.c   |    2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/net/e100.c b/drivers/net/e100.c
index d9750e2..ab0868c 100644
--- a/drivers/net/e100.c
+++ b/drivers/net/e100.c

@@ -2572,7 +2572,7 @@ static int __devinit e100_probe(struct p
 #ifdef CONFIG_NET_POLL_CONTROLLER
 	netdev->poll_controller = e100_netpoll;
 #endif
-	strcpy(netdev->name, pci_name(pdev));
+	strncpy(netdev->name, pci_name(pdev), sizeof(netdev->name) - 1);
 
 	nic = netdev_priv(netdev);
 	nic->netdev = netdev;

diff --git a/drivers/net/e1000/e1000_main.c b/drivers/net/e1000/e1000_main.c
index 75de83e..dd01fdc 100644
--- a/drivers/net/e1000/e1000_main.c
+++ b/drivers/net/e1000/e1000_main.c

@@ -759,7 +759,7 @@ e1000_probe(struct pci_dev *pdev,
 #ifdef CONFIG_NET_POLL_CONTROLLER
 	netdev->poll_controller = e1000_netpoll;
 #endif
-	strcpy(netdev->name, pci_name(pdev));
+	strncpy(netdev->name, pci_name(pdev), sizeof(netdev->name) - 1);
 
 	netdev->mem_start = mmio_start;
 	netdev->mem_end = mmio_start + mmio_len;

diff --git a/drivers/net/ixgb/ixgb_main.c b/drivers/net/ixgb/ixgb_main.c
index ad604fe..949e5de 100644
--- a/drivers/net/ixgb/ixgb_main.c
+++ b/drivers/net/ixgb/ixgb_main.c

@@ -437,7 +437,7 @@ ixgb_probe(struct pci_dev *pdev,
 	netdev->poll_controller = ixgb_netpoll;
 #endif
 
-	strcpy(netdev->name, pci_name(pdev));
+	strncpy(netdev->name, pci_name(pdev), sizeof(netdev->name) - 1);
 	netdev->mem_start = mmio_start;
 	netdev->mem_end = mmio_start + mmio_len;
 	netdev->base_addr = adapter->hw.io_base;

---
Auke Kok [off-list ref]

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help