* Daniel Fuchs: > Hi, > > On 02/09/2020 08:19, Florian Weimer wrote: >> At least one of the bugs was in theory user-visible: the network >> interface code would return data for an interface that does not actually >> exist on the system. > > WRT NetworkInterface.c, I might support using `strnlen` to check > the length before hand, if that solves both cases (gcc8 and gcc10). > I'm always a bit nervous of changing the behavior in this library > as it's hard to verify that no regression is introduced.
I think you should use strlen. If the string is longer than the buffer sent to the kernel, it cannot match an existing interface because all the names are shorter. So some sort of “not found” error needs to reported. (I assume that it's actually a bug that you can look up a network interface by a name that merely shares the same prefix with an actual interface on the system.) Thanks, Florian
