From 15b6885fe0ac67a23bbf80f90b1854c3bd7db984 Mon Sep 17 00:00:00 2001
From: Christian Heimes <christian@cheimes.de>
Date: Mon, 10 Sep 2012 01:25:50 +0200
Subject: [PATCH] Make sure that *really* no more than sizeof(ifr.ifr_name)
 chars are strcpy-ed to ifr.ifr_name and that the string is *always* NUL
 terminated. New code shouldn't use strcpy(), too. CID 719692

---
 Modules/socketmodule.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
index 717667454a5..d8c81fe1566 100644
--- a/Modules/socketmodule.c
+++ b/Modules/socketmodule.c
@@ -1674,7 +1674,8 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args,
             if (len == 0) {
                 ifr.ifr_ifindex = 0;
             } else if (len < sizeof(ifr.ifr_name)) {
-                strcpy(ifr.ifr_name, PyBytes_AS_STRING(interfaceName));
+                strncpy(ifr.ifr_name, PyBytes_AS_STRING(interfaceName), sizeof(ifr.ifr_name));
+                ifr.ifr_name[(sizeof(ifr.ifr_name))-1] = '\0';
                 if (ioctl(s->sock_fd, SIOCGIFINDEX, &ifr) < 0) {
                     s->errorhandler();
                     Py_DECREF(interfaceName);