From 57864057786c75f214e2a0af335e7fb01365d117 Mon Sep 17 00:00:00 2001 From: Andrei Litvin Date: Wed, 25 May 2022 12:48:10 -0400 Subject: [PATCH] Ensure memcpy of mac lengths does not overflow buffers (#18757) * Ensure memcpy of mac lengths does not overflow buffers * Ensure 0 memset in case mac address is too short * Use std::min instead of explicit if * Add missing include and cast for std::min --- src/platform/Linux/ConfigurationManagerImpl.cpp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/platform/Linux/ConfigurationManagerImpl.cpp b/src/platform/Linux/ConfigurationManagerImpl.cpp index bd30d3fb2e43be..b0e7b8cfd37b65 100644 --- a/src/platform/Linux/ConfigurationManagerImpl.cpp +++ b/src/platform/Linux/ConfigurationManagerImpl.cpp @@ -37,6 +37,8 @@ #include #include +#include + namespace chip { namespace DeviceLayer { @@ -130,13 +132,18 @@ CHIP_ERROR ConfigurationManagerImpl::GetPrimaryWiFiMACAddress(uint8_t * buf) CHIP_ERROR error = CHIP_NO_ERROR; bool found = false; + // TODO: ideally the buffer size should have been passed as a span, however + // for now use the size that is validated in GenericConfigurationManagerImpl.ipp + constexpr size_t kExpectedBufMinSize = ConfigurationManager::kPrimaryMACAddressLength; + memset(buf, 0, kExpectedBufMinSize); + VerifyOrExit(getifaddrs(&addresses) == 0, error = CHIP_ERROR_INTERNAL); for (auto addr = addresses; addr != nullptr; addr = addr->ifa_next) { if ((addr->ifa_addr) && (addr->ifa_addr->sa_family == AF_PACKET) && strncmp(addr->ifa_name, "lo", IFNAMSIZ) != 0) { struct sockaddr_ll * mac = (struct sockaddr_ll *) addr->ifa_addr; - memcpy(buf, mac->sll_addr, mac->sll_halen); + memcpy(buf, mac->sll_addr, std::min(mac->sll_halen, kExpectedBufMinSize)); found = true; break; }