Skip to content
Browse files

do not use sprintf(), nor strcpy(). they are unboundded operation.

for ifr_name people use memcpy() or bcopy() in many cases, but in this case,
variable "iface" is a char *, so i used strlcpy().
  • Loading branch information...
1 parent 0bf3492 commit a77eb23e12f9304810dfed635460ced09454e2f9 itojun committed
Showing with 3 additions and 3 deletions.
  1. +3 −3 kame/kame/rafixd/rafixd.c
View
6 kame/kame/rafixd/rafixd.c
@@ -1,4 +1,4 @@
-/* $KAME: rafixd.c,v 1.8 2004/07/06 10:21:49 jinmei Exp $ */
+/* $KAME: rafixd.c,v 1.9 2007/07/24 22:01:41 itojun Exp $ */
/*
* Copyright (C) 2003 WIDE Project.
@@ -511,7 +511,7 @@ bpf_open(iface)
struct ifreq ifr;
do {
- sprintf(dev, "/dev/bpf%d", n++);
+ snprintf(dev, sizeof(dev), "/dev/bpf%d", n++);
fd = open(dev, O_RDWR);
} while (fd < 0 && n < 4);
@@ -527,7 +527,7 @@ bpf_open(iface)
}
bzero(&ifr, sizeof(ifr));
- strcpy(ifr.ifr_name, iface);
+ strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name));
if (ioctl(fd, BIOCSETIF, &ifr) < 0) {
perror("ioctl(BIOCSETIF)");
return (-1);

0 comments on commit a77eb23

Please sign in to comment.
Something went wrong with that request. Please try again.