From 144e698dc7483c92ff6976cc03903743b9009e35 Mon Sep 17 00:00:00 2001
From: Sven Schmitt <sven.schmitt@volkswagen.de>
Date: Fri, 3 Apr 2015 14:40:22 +0200
Subject: [PATCH] Added missing length check for strcpy(ifr.ifr_name, argv[x]).

---
 canfdtest.c    | 4 ++++
 cansend.c      | 4 ++++
 isotpdump.c    | 4 ++++
 isotprecv.c    | 4 ++++
 isotpsend.c    | 4 ++++
 isotpserver.c  | 4 ++++
 isotpsniffer.c | 5 +++++
 isotptun.c     | 4 ++++
 slcanpty.c     | 4 ++++
 9 files changed, 37 insertions(+)

diff --git a/canfdtest.c b/canfdtest.c
index 28b2042..9059bf4 100644
--- a/canfdtest.c
+++ b/canfdtest.c
@@ -356,6 +356,10 @@ int main(int argc, char *argv[])
 	}
 
 	addr.can_family = family;
+	if (strlen(intf_name) >= IFNAMSIZ) {
+		printf("name of CAN device '%s' is too long!\n", intf_name);
+		return 1;
+	}
 	strcpy(ifr.ifr_name, intf_name);
 	ioctl(sockfd, SIOCGIFINDEX, &ifr);
 	addr.can_ifindex = ifr.ifr_ifindex;
diff --git a/cansend.c b/cansend.c
index aec64a5..cf38be0 100644
--- a/cansend.c
+++ b/cansend.c
@@ -96,6 +96,10 @@ int main(int argc, char **argv)
 
 	addr.can_family = AF_CAN;
 
+	if (strlen(argv[1]) >= IFNAMSIZ) {
+		printf("name of CAN device '%s' is too long!\n", argv[1]);
+		return 1;
+	}
 	strcpy(ifr.ifr_name, argv[1]);
 	if (ioctl(s, SIOCGIFINDEX, &ifr) < 0) {
 		perror("SIOCGIFINDEX");
diff --git a/isotpdump.c b/isotpdump.c
index 6e64eef..7ef6118 100644
--- a/isotpdump.c
+++ b/isotpdump.c
@@ -202,6 +202,10 @@ int main(int argc, char **argv)
 
 	setsockopt(s, SOL_CAN_RAW, CAN_RAW_FILTER, &rfilter, sizeof(rfilter));
 
+	if (strlen(argv[optind]) >= IFNAMSIZ) {
+		printf("name of CAN device '%s' is too long!\n", argv[optind]);
+		return 1;
+	}
 	strcpy(ifr.ifr_name, argv[optind]);
 	ioctl(s, SIOCGIFINDEX, &ifr);
 	ifindex = ifr.ifr_ifindex;
diff --git a/isotprecv.c b/isotprecv.c
index 5c4f2a5..1849772 100644
--- a/isotprecv.c
+++ b/isotprecv.c
@@ -232,6 +232,10 @@ int main(int argc, char **argv)
 	    setsockopt(s, SOL_CAN_ISOTP, CAN_ISOTP_RX_STMIN, &force_rx_stmin, sizeof(force_rx_stmin));
 
     addr.can_family = AF_CAN;
+    if (strlen(argv[optind]) >= IFNAMSIZ) {
+	    printf("name of CAN device '%s' is too long!\n", argv[optind]);
+	    return 1;
+    }
     strcpy(ifr.ifr_name, argv[optind]);
     ioctl(s, SIOCGIFINDEX, &ifr);
     addr.can_ifindex = ifr.ifr_ifindex;
diff --git a/isotpsend.c b/isotpsend.c
index e0256cb..5824461 100644
--- a/isotpsend.c
+++ b/isotpsend.c
@@ -224,6 +224,10 @@ int main(int argc, char **argv)
 	    setsockopt(s, SOL_CAN_ISOTP, CAN_ISOTP_TX_STMIN, &force_tx_stmin, sizeof(force_tx_stmin));
 
     addr.can_family = AF_CAN;
+    if (strlen(argv[optind]) >= IFNAMSIZ) {
+	    printf("name of CAN device '%s' is too long!\n", argv[optind]);
+	    return 1;
+    }
     strcpy(ifr.ifr_name, argv[optind]);
     ioctl(s, SIOCGIFINDEX, &ifr);
     addr.can_ifindex = ifr.ifr_ifindex;
diff --git a/isotpserver.c b/isotpserver.c
index b900f27..09d0762 100644
--- a/isotpserver.c
+++ b/isotpserver.c
@@ -345,6 +345,10 @@ int main(int argc, char **argv)
 	}
 
 	caddr.can_family = AF_CAN;
+	if (strlen(argv[optind]) >= IFNAMSIZ) {
+		printf("name of CAN device '%s' is too long!\n", argv[optind]);
+		return 1;
+	}
 	strcpy(ifr.ifr_name, argv[optind]);
 	if (ioctl(sc, SIOCGIFINDEX, &ifr) < 0) {
 		perror("SIOCGIFINDEX");
diff --git a/isotpsniffer.c b/isotpsniffer.c
index 7618dca..e84d313 100644
--- a/isotpsniffer.c
+++ b/isotpsniffer.c
@@ -272,6 +272,11 @@ int main(int argc, char **argv)
 	opts.flags |= CAN_ISOTP_LISTEN_MODE;
 
 	addr.can_family = AF_CAN;
+
+	if (strlen(argv[optind]) >= IFNAMSIZ) {
+		printf("name of CAN device '%s' is too long!\n", argv[optind]);
+		return 1;
+	}
 	strcpy(ifr.ifr_name, argv[optind]);
 	ioctl(s, SIOCGIFINDEX, &ifr);
 	addr.can_ifindex = ifr.ifr_ifindex;
diff --git a/isotptun.c b/isotptun.c
index c793f42..7dbf5eb 100644
--- a/isotptun.c
+++ b/isotptun.c
@@ -266,6 +266,10 @@ int main(int argc, char **argv)
 	}
 
 	addr.can_family = AF_CAN;
+	if (strlen(argv[optind]) >= IFNAMSIZ) {
+		printf("name of CAN device '%s' is too long!\n", argv[optind]);
+		return 1;
+	}
 	strcpy(ifr.ifr_name, argv[optind]);
 	ioctl(s, SIOCGIFINDEX, &ifr);
 	addr.can_ifindex = ifr.ifr_ifindex;
diff --git a/slcanpty.c b/slcanpty.c
index c062a02..58072db 100644
--- a/slcanpty.c
+++ b/slcanpty.c
@@ -491,6 +491,10 @@ int main(int argc, char **argv)
 
 	addr.can_family = AF_CAN;
 
+	if (strlen(argv[2]) >= IFNAMSIZ) {
+		printf("name of CAN device '%s' is too long!\n", argv[2]);
+		return 1;
+	}
 	strcpy(ifr.ifr_name, argv[2]);
 	if (ioctl(s, SIOCGIFINDEX, &ifr) < 0) {
 		perror("SIOCGIFINDEX");