diff options
author | Antony Pavlov <antonynpavlov@gmail.com> | 2019-07-02 12:59:59 +0300 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2019-07-11 07:12:15 +0200 |
commit | b6eab2a491184dcf6361baeca709c3d781a165bb (patch) | |
tree | a1e2fb84153d1183b7f93ace1316dbf533d0eb7f | |
parent | 3f44fcb45ea874251fe0544cc6fd76518adaab0f (diff) | |
download | barebox-b6eab2a491184dcf6361baeca709c3d781a165bb.tar.gz barebox-b6eab2a491184dcf6361baeca709c3d781a165bb.tar.xz |
sandbox: prevent segfault in tap_alloc()
Tap network interface initialization in sandbox
barebox leads to segfault under Debian Buster/Sid.
The problem is that strcpy(dev, ifr.ifr_name) inside
tap_alloc() tries to alter read-only data passed
by tap_probe() and barebox receives SIGSEGV.
Nobody uses network interface name returned
by tap_alloc() so we can drop this strcpy().
Signed-off-by: Antony Pavlov <antonynpavlov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
-rw-r--r-- | arch/sandbox/mach-sandbox/include/mach/linux.h | 2 | ||||
-rw-r--r-- | arch/sandbox/os/tap.c | 3 |
2 files changed, 2 insertions, 3 deletions
diff --git a/arch/sandbox/mach-sandbox/include/mach/linux.h b/arch/sandbox/mach-sandbox/include/mach/linux.h index 52360f8771..7d0ed55735 100644 --- a/arch/sandbox/mach-sandbox/include/mach/linux.h +++ b/arch/sandbox/mach-sandbox/include/mach/linux.h @@ -8,7 +8,7 @@ int sandbox_add_device(struct device_d *dev); struct fb_bitfield; int linux_register_device(const char *name, void *start, void *end); -int tap_alloc(char *dev); +int tap_alloc(const char *dev); uint64_t linux_get_time(void); int linux_read(int fd, void *buf, size_t count); int linux_read_nonblock(int fd, void *buf, size_t count); diff --git a/arch/sandbox/os/tap.c b/arch/sandbox/os/tap.c index 0e29e8e8ad..3a29a4be64 100644 --- a/arch/sandbox/os/tap.c +++ b/arch/sandbox/os/tap.c @@ -28,7 +28,7 @@ #include <linux/if_tun.h> #include <string.h> -int tap_alloc(char *dev) +int tap_alloc(const char *dev) { struct ifreq ifr; int fd, err; @@ -55,7 +55,6 @@ int tap_alloc(char *dev) return err; } - strcpy(dev, ifr.ifr_name); return fd; } |