summaryrefslogtreecommitdiff
path: root/net/ipv4/ipvs/ip_vs_sync.c
diff options
context:
space:
mode:
authorpageexec <pageexec@freemail.hu>2005-06-27 03:00:19 +0400
committerDavid S. Miller <davem@davemloft.net>2005-06-27 03:00:19 +0400
commit4da62fc70d7cbcf8fa606a8c806d9dc8faa0ceae (patch)
treec15f61c9c0a1b1e88990eab47ebc89a4a83b3a4e /net/ipv4/ipvs/ip_vs_sync.c
parentd470e3b483dcf79c16463bc740738dca76a035a9 (diff)
downloadlinux-4da62fc70d7cbcf8fa606a8c806d9dc8faa0ceae.tar.xz
[IPVS]: Fix for overflows
From: <pageexec@freemail.hu> $subject was fixed in 2.4 already, 2.6 needs it as well. The impact of the bugs is a kernel stack overflow and privilege escalation from CAP_NET_ADMIN via the IP_VS_SO_SET_STARTDAEMON/IP_VS_SO_GET_DAEMON ioctls. People running with 'root=all caps' (i.e., most users) are not really affected (there's nothing to escalate), but SELinux and similar users should take it seriously if they grant CAP_NET_ADMIN to other users. Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/ipvs/ip_vs_sync.c')
-rw-r--r--net/ipv4/ipvs/ip_vs_sync.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/ipv4/ipvs/ip_vs_sync.c b/net/ipv4/ipvs/ip_vs_sync.c
index 25c479550a32..574d1f509b46 100644
--- a/net/ipv4/ipvs/ip_vs_sync.c
+++ b/net/ipv4/ipvs/ip_vs_sync.c
@@ -839,10 +839,10 @@ int start_sync_thread(int state, char *mcast_ifn, __u8 syncid)
ip_vs_sync_state |= state;
if (state == IP_VS_STATE_MASTER) {
- strcpy(ip_vs_master_mcast_ifn, mcast_ifn);
+ strlcpy(ip_vs_master_mcast_ifn, mcast_ifn, sizeof(ip_vs_master_mcast_ifn));
ip_vs_master_syncid = syncid;
} else {
- strcpy(ip_vs_backup_mcast_ifn, mcast_ifn);
+ strlcpy(ip_vs_backup_mcast_ifn, mcast_ifn, sizeof(ip_vs_backup_mcast_ifn));
ip_vs_backup_syncid = syncid;
}