Lines 203-230
Link Here
|
203 |
|
203 |
|
204 |
static char *get_name(char *name, char *p) |
204 |
static char *get_name(char *name, char *p) |
205 |
{ |
205 |
{ |
|
|
206 |
int nameidx=0; |
206 |
while (isspace(*p)) |
207 |
while (isspace(*p)) |
207 |
p++; |
208 |
p++; |
208 |
while (*p) { |
209 |
/* Guard main loop - shouldn't ever be a problem, unless the kernel |
|
|
210 |
puts invalid data in the network device listing. IFNAMSIZ-1 is |
211 |
necessary as a terminator is written at the end of the loop */ |
212 |
while (*p && (nameidx<(IFNAMSIZ-1))) { |
209 |
if (isspace(*p)) |
213 |
if (isspace(*p)) |
210 |
break; |
214 |
break; |
211 |
if (*p == ':') { /* could be an alias */ |
215 |
if (*p == ':') { /* could be an alias */ |
212 |
char *dot = p, *dotname = name; |
216 |
char *dot = p; |
213 |
*name++ = *p++; |
217 |
int dotnameidx = nameidx; |
214 |
while (isdigit(*p)) |
218 |
name[nameidx++] = *p++; |
215 |
*name++ = *p++; |
219 |
/* Guard alias scanning - when bytes field is large |
|
|
220 |
enough it attaches to the : of the interface name, |
221 |
and this scan therefore tries to parse it - without the |
222 |
guard it is possible to overrun the name[] buffer. Limit |
223 |
is IFNAMSIZ-2 to allow space for the ':' written after |
224 |
this "while", and the terminator written after the |
225 |
enclosing "if". */ |
226 |
while (isdigit(*p) && (nameidx<(IFNAMSIZ-2))) |
227 |
name[nameidx++] = *p++; |
216 |
if (*p != ':') { /* it wasn't, backup */ |
228 |
if (*p != ':') { /* it wasn't, backup */ |
217 |
p = dot; |
229 |
p = dot; |
218 |
name = dotname; |
230 |
nameidx = dotnameidx; |
219 |
} |
231 |
} |
220 |
if (*p == '\0') |
232 |
if (*p == '\0') |
221 |
return NULL; |
233 |
return NULL; |
222 |
p++; |
234 |
p++; |
223 |
break; |
235 |
break; |
224 |
} |
236 |
} |
225 |
*name++ = *p++; |
237 |
name[nameidx++] = *p++; |
226 |
} |
238 |
} |
227 |
*name++ = '\0'; |
239 |
name[nameidx] = '\0'; |
228 |
return p; |
240 |
return p; |
229 |
} |
241 |
} |
230 |
|
242 |
|