Return-Path: From: Szymon Janc To: Dohyun Pyun Cc: linux-bluetooth@vger.kernel.org, steve.jun@samsung.com Subject: Re: [PATCH BLUEZ] android/pan: Fix not NULL terminating parsed string Date: Wed, 29 Jul 2015 09:29:33 +0200 Message-ID: <3434204.zRI1YPC0Rc@leonov> In-Reply-To: <1438151088-26152-1-git-send-email-dh79.pyun@samsung.com> References: <1438151088-26152-1-git-send-email-dh79.pyun@samsung.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: linux-bluetooth-owner@vger.kernel.org List-ID: Hi Dohyun Pyun, On Wednesday 29 of July 2015 15:24:48 Dohyun Pyun wrote: > From: DoHyun Pyun > > This patch prevents the possible not NULL terminating problem. > ifr_name's array size is IFNAMSIZ. So If BNEP_BRIDGE has IFNAMSIZ size, > the name string will be not NULL terminating. > --- > android/pan.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/android/pan.c b/android/pan.c > index 0bb576e..c40a6d3 100644 > --- a/android/pan.c > +++ b/android/pan.c > @@ -88,7 +88,7 @@ static int set_forward_delay(int sk) > struct ifreq ifr; > > memset(&ifr, 0, sizeof(ifr)); > - strncpy(ifr.ifr_name, BNEP_BRIDGE, IFNAMSIZ); > + strncpy(ifr.ifr_name, BNEP_BRIDGE, IFNAMSIZ - 1); > ifr.ifr_data = (char *) args; > > if (ioctl(sk, SIOCDEVPRIVATE, &ifr) < 0) { Patch applied, thanks. -- BR Szymon Janc