From 4347ec3e3ee46e42708b7d437ad148f1bb771716 Mon Sep 17 00:00:00 2001
From: Bernd Eckenfels <net-tools@lina.inka.de>
Date: Wed, 11 Oct 2006 01:13:57 +0000
Subject: Fixed Debian Bug #392263 reported by Jochen Voss (buffer overflow in
 dev argument processing)

---
 ipmaddr.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'ipmaddr.c')

diff --git a/ipmaddr.c b/ipmaddr.c
index 2134e81..89cdc08 100644
--- a/ipmaddr.c
+++ b/ipmaddr.c
@@ -291,13 +291,15 @@ static void print_mlist(FILE *fp, struct ma_info *list)
 static int multiaddr_list(int argc, char **argv)
 {
 	struct ma_info *list = NULL;
+	size_t l;
 
 	while (argc > 0) {
 		if (strcmp(*argv, "dev") == 0) {
 			NEXT_ARG();
-			if (filter_dev[0])
+			l = strlen(*argv);
+			if (l <= 0 || l >= sizeof(filter_dev))
 				usage();
-			strcpy(filter_dev, *argv);
+			strncpy(filter_dev, *argv, sizeof (filter_dev));
 		} else if (strcmp(*argv, "all") == 0) {
 			filter_family = AF_UNSPEC;
 		} else if (strcmp(*argv, "ipv4") == 0) {
@@ -307,9 +309,10 @@ static int multiaddr_list(int argc, char **argv)
 		} else if (strcmp(*argv, "link") == 0) {
 			filter_family = AF_PACKET;
 		} else {
-			if (filter_dev[0])
+			l = strlen(*argv);
+			if (l <= 0 || l >= sizeof(filter_dev))
 				usage();
-			strcpy(filter_dev, *argv);
+			strncpy(filter_dev, *argv, sizeof (filter_dev));
 		}
 		argv++; argc--;
 	}
-- 
cgit v1.2.3-65-gdbad