daemon/network: fix heap-buffer-overflow in endpoint key generation

Reproducible by listening on an interface by name, ASAN reports a heap-buffer-overflow. This was a regression caused by !1286, which did not account for null-terminators properly.

daemon/network: fix heap-buffer-overflow in endpoint key generation
Reproducible by listening on an interface by name, ASAN reports a heap-buffer-overflow. This was a regression caused by !1286, which did not account for null-terminators properly.
373f49f0 · Oto Šťáva · f56e1c08 · 373f49f0
Commit 373f49f0 authored 2 years ago by Oto Šťáva
--- a/daemon/network.c
+++ b/daemon/network.c
@@ -302,6 +302,8 @@ void network_deinit(struct network *net)
 	}
 }
+/** Creates an endpoint key for use with a `trie_t` and stores it into `dst`.
+ * Returns the actual length of the generated key. */
 static ssize_t endpoint_key_create(struct endpoint_key_storage *dst,
                                   const char *addr_str,
                                   const struct sockaddr *sa)
@@ -317,8 +319,11 @@ static ssize_t endpoint_key_create(struct endpoint_key_storage *dst,
 	} else {
 		struct endpoint_key_ifname *key = &dst->ifname;
 		key->type = ENDPOINT_KEY_IFNAME;
+		/* The subtractions and additions of 1 are here to account for
+		 * null-terminators. */
 		strncpy(key->ifname, addr_str, sizeof(key->ifname) - 1);
-		return sizeof(struct endpoint_key) + strnlen(key->ifname, sizeof(key->ifname));
+		return sizeof(struct endpoint_key) + strlen(key->ifname) + 1;
 	}
 }