[quagga-dev 3096] Re: bugs related to length of interface names

Andrew J. Schorr aschorr at telemetry-investments.com
Sun Apr 3 04:18:14 BST 2005


This looks to me like a bug in zebra/if_proc.c:ifaddr_proc_ipv6():

  char ifname[20];

      n = sscanf (buf, "%32s %02x %02x %02x %02x %20s", 
                  addr, &ifindex, &plen, &scope, &status, ifname);

If ifname has 20 chars, then doesn't scanf("%20s",ifname) risk
overflowing ifname (putting '\0' in ifname[20])?

Is that 20 supposed to correspond to INTERFACE_NAMSIZ?  Or is there
some other (more meaningful?) reason for using a value of 20?

Regards,
Andy
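
The off-by-one asked about above, as an added example that is not part of the original message or of Quagga's code: a `%Ns` conversion stores up to N characters plus a terminating `'\0'`, so a 20-byte buffer needs a width of 19. The helper names, the `IFNAME_BUF` and `IFNAME_MAXCHARS` macros, the 33-byte `addr` buffer and the sample line (constructed to match the quoted format string) are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define IFNAME_BUF 20                 /* size of ifname[] in the quoted code */
#define IFNAME_MAXCHARS 19            /* IFNAME_BUF - 1, leaves room for '\0' */
#define STR2(x) #x
#define STR(x) STR2(x)

/* Bytes that "%20s" may store, measured in a buffer large enough to be safe. */
static size_t bytes_stored_by_pct20s(const char *line)
{
    char addr[33], name[64];
    unsigned int ifindex, plen, scope, status;

    if (sscanf(line, "%32s %02x %02x %02x %02x %20s",
               addr, &ifindex, &plen, &scope, &status, name) != 6)
        return 0;
    return strlen(name) + 1;          /* characters plus the terminator */
}

/* Bounded parse: width is one less than the buffer, and a name that does not
 * fit is rejected instead of being silently truncated. Returns 0 on success. */
static int parse_if_inet6_line(const char *line, char ifname[IFNAME_BUF])
{
    char addr[33];
    unsigned int ifindex, plen, scope, status;
    int end = 0;

    if (sscanf(line, "%32s %x %x %x %x %" STR(IFNAME_MAXCHARS) "s%n",
               addr, &ifindex, &plen, &scope, &status, ifname, &end) != 6)
        return -1;
    if (line[end] != '\0' && !isspace((unsigned char)line[end]))
        return -1;                    /* name longer than IFNAME_MAXCHARS */
    return 0;
}

int main(void)
{
    /* Constructed sample line with a 20-character interface name. */
    const char *line = "00000000000000000000000000000001 01 80 10 80 "
                       "abcdefghijklmnopqrst\n";
    char ifname[IFNAME_BUF];

    printf("%%20s stores up to %zu bytes, buffer holds %d\n",
           bytes_stored_by_pct20s(line), IFNAME_BUF);
    printf("bounded parse: %d\n", parse_if_inet6_line(line, ifname));
    return 0;
}
```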


