From 1b7780e9ecb46c6a5bbc8a831778a683f8ae80d8 Mon Sep 17 00:00:00 2001 From: Christian Marangi Date: Mon, 18 Mar 2024 10:03:43 +0100 Subject: [PATCH] kernel: pf_ring: better define sa_data size pfring_mod_bind() needs to specify the interface name using struct sockaddr that is defined as struct sockaddr { ushort sa_family; char sa_data[14]; }; so the total interface name length is 13 chars (plus \0 trailer). Since sa_data size is arbitrary, define a more precise size for PF_RING socket use. This fix some compilation error with fortify string and makes the array handling more deterministic. Signed-off-by: Christian Marangi --- kernel/pf_ring.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) --- a/kernel/pf_ring.c +++ b/kernel/pf_ring.c @@ -158,6 +158,18 @@ #endif #endif +/* + pfring_mod_bind() needs to specify the interface + name using struct sockaddr that is defined as + + struct sockaddr { ushort sa_family; char sa_data[14]; }; + + so the total interface name length is 13 chars (plus \0 trailer). + Since sa_data size is arbitrary, define a more precise size for + PF_RING socket use. +*/ +#define RING_SA_DATA_LEN 14 + /* ************************************************* */ #if(LINUX_VERSION_CODE >= KERNEL_VERSION(5,6,0)) @@ -1032,7 +1044,7 @@ pf_ring_device *pf_ring_device_name_look so the total interface name length is 13 chars (plus \0 trailer). The check below is to trap this case. */ - || ((l >= 13) && (strncmp(dev_ptr->device_name, name, 13) == 0))) + || ((l >= RING_SA_DATA_LEN - 1) && (strncmp(dev_ptr->device_name, name, RING_SA_DATA_LEN - 1) == 0))) && device_net_eq(dev_ptr, net)) return dev_ptr; } @@ -5605,15 +5617,15 @@ static int ring_bind(struct socket *sock #ifndef RING_USE_SOCKADDR_LL } else if (addr_len == sizeof(struct sockaddr)) { /* Deprecated */ - char name[sizeof(sa->sa_data)+1]; + char name[RING_SA_DATA_LEN]; if (sa->sa_family != PF_RING) return(-EINVAL); - memcpy(name, sa->sa_data, sizeof(sa->sa_data)); + memcpy(name, sa->sa_data, RING_SA_DATA_LEN - 1); /* Add trailing zero if missing */ - name[sizeof(name)-1] = '\0'; + name[RING_SA_DATA_LEN-1] = '\0'; debug_printk(2, "searching device %s\n", name);