From mboxrd@z Thu Jan  1 00:00:00 1970
From: Serhey Popovych <serhe.popovych@gmail.com>
Subject: [PATCH net-next] dev: Correctly get length of alias string in dev_set_alias()
Date: Mon, 18 Dec 2017 23:38:35 +0200
Message-ID: <1513633115-16940-1-git-send-email-serhe.popovych@gmail.com>
To: netdev@vger.kernel.org
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail-lf0-f65.google.com ([209.85.215.65]:44617 "EHLO
        mail-lf0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S936995AbdLRVim (ORCPT
        <rfc822;netdev@vger.kernel.org>); Mon, 18 Dec 2017 16:38:42 -0500
Received: by mail-lf0-f65.google.com with SMTP id x204so19363010lfa.11
        for <netdev@vger.kernel.org>; Mon, 18 Dec 2017 13:38:41 -0800 (PST)
Received: from tuxracer.localdomain ([2a01:6d80::195:20:96:53])
        by smtp.gmail.com with ESMTPSA id z64sm2950516lfa.34.2017.12.18.13.38.39
        for <netdev@vger.kernel.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 18 Dec 2017 13:38:39 -0800 (PST)
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

We supply number of bytes available in @alias via @len
parameter to dev_set_alias() which is not the same
as zero terminated string length that can be shorter.

Both dev_set_alias() users (rtnetlink and sysfs) can
submit number of bytes up to IFALIASZ with actual string
length slightly shorter by putting '\0' not at @len - 1.

Use strnlen() to get length of zero terminated string
and not access beyond @len. Correct comment about @len
and explain how to unset alias (i.e. use zero for @len).

Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
---
 net/core/dev.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/core/dev.c b/net/core/dev.c
index b0eee49..d362fe6 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1243,7 +1243,7 @@ int dev_change_name(struct net_device *dev, const char *newname)
  *	dev_set_alias - change ifalias of a device
  *	@dev: device
  *	@alias: name up to IFALIASZ
- *	@len: limit of bytes to copy from info
+ *	@len: number of bytes available in @alias, zero to unset current alias
  *
  *	Set ifalias for a device,
  */
@@ -1255,6 +1255,8 @@ int dev_set_alias(struct net_device *dev, const char *alias, size_t len)
 		return -EINVAL;
 
 	if (len) {
+		len = strnlen(alias, len);
+
 		new_alias = kmalloc(sizeof(*new_alias) + len + 1, GFP_KERNEL);
 		if (!new_alias)
 			return -ENOMEM;
-- 
1.8.3.1