IPACM: fix the security issue in ConntrackClient Fix the security issue in IPACM ConntrackClient. Bug: 34361337 CRs-fixed: 2012248 Test: manual Change-Id: Ia586d9916fc6391ffce436fba9b1ceae1220bc48 Signed-off-by: Skylar Chang <chiaweic@codeaurora.org> Acked-by: Shihuan Liu <shihuanl@qti.qualcomm.com> Signed-off-by: Niranjan Pendharkar <npendhar@codeaurora.org> (cherry picked from commit 7d710b75c78a6c60b71bd54ca30c84aa655b4d75)

commit: d772782af329301ccb551636d8ad18cd4755c09f [log] [tgz]
author: Niranjan Pendharkar <npendhar@codeaurora.org> Tue Jul 25 15:45:42 2017 -0700
committer: pkanwar <pkanwar@google.com> Wed Jul 26 08:16:34 2017 -0700
tree: 507b37cab62172d64d6970066944c22df86c5825
parent: b2c20467fe5158224a66d7f06d4ab078480f7d23 [diff]
diff --git a/msm8998/ipacm/src/IPACM_ConntrackClient.cpp b/msm8998/ipacm/src/IPACM_ConntrackClient.cpp
index 10154ea..ffb0088 100644
--- a/msm8998/ipacm/src/IPACM_ConntrackClient.cpp
+++ b/msm8998/ipacm/src/IPACM_ConntrackClient.cpp

@@ -173,10 +173,18 @@
 	uint32_t ipv4_addr;
 	struct ifreq ifr;
 
+	if(strlen(IPACM_Iface::ipacmcfg->ipa_virtual_iface_name) >= sizeof(ifr.ifr_name))
+	{
+		IPACMERR("interface name overflows: len %d\n",
+			strlen(IPACM_Iface::ipacmcfg->ipa_virtual_iface_name));
+		close(fd);
+		return -1;
+	}
+
 	/* retrieve bridge interface ipv4 address */
 	memset(&ifr, 0, sizeof(struct ifreq));
 	ifr.ifr_addr.sa_family = AF_INET;
-	(void)strncpy(ifr.ifr_name, IPACM_Iface::ipacmcfg->ipa_virtual_iface_name, sizeof(ifr.ifr_name));
+	(void)strlcpy(ifr.ifr_name, IPACM_Iface::ipacmcfg->ipa_virtual_iface_name, sizeof(ifr.ifr_name));
 	IPACMDBG("bridge interface name (%s)\n", ifr.ifr_name);
 
 	ret = ioctl(fd, SIOCGIFADDR, &ifr);
commit	d772782af329301ccb551636d8ad18cd4755c09f	[log] [tgz]
author	Niranjan Pendharkar <npendhar@codeaurora.org>	Tue Jul 25 15:45:42 2017 -0700
committer	pkanwar <pkanwar@google.com>	Wed Jul 26 08:16:34 2017 -0700
tree	507b37cab62172d64d6970066944c22df86c5825
parent	b2c20467fe5158224a66d7f06d4ab078480f7d23 [diff]