Skip to content

Commit

Permalink
Ensure memcpy of mac lengths does not overflow buffers (#18757)
Browse files Browse the repository at this point in the history
* Ensure memcpy of mac lengths does not overflow buffers

* Ensure 0 memset in case mac address is too short

* Use std::min instead of explicit if

* Add missing include and cast for std::min
  • Loading branch information
andy31415 authored and pull[bot] committed Dec 22, 2023
1 parent 64035ce commit 5786405
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion src/platform/Linux/ConfigurationManagerImpl.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,8 @@
#include <platform/Linux/PosixConfig.h>
#include <platform/internal/GenericConfigurationManagerImpl.ipp>

#include <algorithm>

namespace chip {
namespace DeviceLayer {

Expand Down Expand Up @@ -130,13 +132,18 @@ CHIP_ERROR ConfigurationManagerImpl::GetPrimaryWiFiMACAddress(uint8_t * buf)
CHIP_ERROR error = CHIP_NO_ERROR;
bool found = false;

// TODO: ideally the buffer size should have been passed as a span, however
// for now use the size that is validated in GenericConfigurationManagerImpl.ipp
constexpr size_t kExpectedBufMinSize = ConfigurationManager::kPrimaryMACAddressLength;
memset(buf, 0, kExpectedBufMinSize);

VerifyOrExit(getifaddrs(&addresses) == 0, error = CHIP_ERROR_INTERNAL);
for (auto addr = addresses; addr != nullptr; addr = addr->ifa_next)
{
if ((addr->ifa_addr) && (addr->ifa_addr->sa_family == AF_PACKET) && strncmp(addr->ifa_name, "lo", IFNAMSIZ) != 0)
{
struct sockaddr_ll * mac = (struct sockaddr_ll *) addr->ifa_addr;
memcpy(buf, mac->sll_addr, mac->sll_halen);
memcpy(buf, mac->sll_addr, std::min<size_t>(mac->sll_halen, kExpectedBufMinSize));
found = true;
break;
}
Expand Down

0 comments on commit 5786405

Please sign in to comment.