--- net-tools-1.60.orig/lib/interface.c 2004-07-28 16:25:38.000000000 +0200 +++ net-tools-1.60.orig/lib/interface.c 2004-07-29 10:40:09.522762528 +0200 @@ -203,28 +203,40 @@ static char *get_name(char *name, char *p) { + int nameidx=0; while (isspace(*p)) p++; - while (*p) { + /* Guard main loop - shouldn't ever be a problem, unless the kernel + puts invalid data in the network device listing. IFNAMSIZ-1 is + necessary as a terminator is written at the end of the loop */ + while (*p && (nameidx<(IFNAMSIZ-1))) { if (isspace(*p)) break; if (*p == ':') { /* could be an alias */ - char *dot = p, *dotname = name; - *name++ = *p++; - while (isdigit(*p)) - *name++ = *p++; + char *dot = p; + int dotnameidx = nameidx; + name[nameidx++] = *p++; + /* Guard alias scanning - when bytes field is large + enough it attaches to the : of the interface name, + and this scan therefore tries to parse it - without the + guard it is possible to overrun the name[] buffer. Limit + is IFNAMSIZ-2 to allow space for the ':' written after + this "while", and the terminator written after the + enclosing "if". */ + while (isdigit(*p) && (nameidx<(IFNAMSIZ-2))) + name[nameidx++] = *p++; if (*p != ':') { /* it wasn't, backup */ p = dot; - name = dotname; + nameidx = dotnameidx; } if (*p == '\0') return NULL; p++; break; } - *name++ = *p++; + name[nameidx++] = *p++; } - *name++ = '\0'; + name[nameidx] = '\0'; return p; }
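Review bot: The alias-digit guard `nameidx<(IFNAMSIZ-2)` is one too strict, and its comment misdescribes the code: the closing ':' after the digits is skipped with `p++` below the loop and never stored in name[], so only the terminator needs a slot, and a maximum-length alias such as 13 characters plus ":1" loses its digit, takes the backup path, and is returned as the base name with the returned pointer sitting on that digit. The guard should read `while (isdigit(*p) && (nameidx<(IFNAMSIZ-1)))`, with the comment reduced to saying the limit leaves room for the terminator only. The main-loop bound has a similar edge: a 15-character name immediately followed by ':' leaves the loop before the alias branch runs, so the returned pointer is left on the ':' rather than past it as the removed code returned it; admitting the ':' with `while (*p && ((nameidx<(IFNAMSIZ-1)) || *p == ':'))` and also backing up when no terminator slot remains, `if (*p != ':' || nameidx >= IFNAMSIZ) {`, closes that case without reopening the overflow. Both bounds presume the caller's name buffer holds IFNAMSIZ bytes, which the signature does not say; a one-line comment above the function, e.g. `/* name must have room for IFNAMSIZ bytes */`, would make that contract visible to the callers.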