[PATCH] NET: Ensure device name passed to SO_BINDTODEVICE is NULL terminated.

The user can pass us arbitrary garbage so we should ensure the string they give us is null terminated before we pass it on to dev_get_by_index() et al. Found by Solar Designer. Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: David S. Miller <davem@davemloft.net> 2006-03-23 22:54:18 -0800
committer: Greg Kroah-Hartman <gregkh@suse.de> 2006-03-27 23:00:23 -0800
commit: 107d25ba4fcacf8e29bcad240b95fd9ef7314dac (patch)
tree: c606f370f0db2f9ba633931dfc981df08c3af648
parent: 739d40fed82810da8e923655c7f8140369641fc7 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/net/core/sock.c b/net/core/sock.c
index 13cc3be4f056..2a3e235bd1bc 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -403,8 +403,9 @@ set_rcvbuf:
 			if (!valbool) {
 				sk->sk_bound_dev_if = 0;
 			} else {
-				if (optlen > IFNAMSIZ) 
-					optlen = IFNAMSIZ; 
+				if (optlen > IFNAMSIZ - 1)
+					optlen = IFNAMSIZ - 1;
+				memset(devname, 0, sizeof(devname));
 				if (copy_from_user(devname, optval, optlen)) {
 					ret = -EFAULT;
 					break;
author	David S. Miller <davem@davemloft.net>	2006-03-23 22:54:18 -0800
committer	Greg Kroah-Hartman <gregkh@suse.de>	2006-03-27 23:00:23 -0800
commit	107d25ba4fcacf8e29bcad240b95fd9ef7314dac (patch)
tree	c606f370f0db2f9ba633931dfc981df08c3af648
parent	739d40fed82810da8e923655c7f8140369641fc7 (diff)